12 May 2017

A new case of ransomware affects thousands of companies around the world

Today May 12, 2017, companies such as Telefónica and The Britain's health system have been affected by this new ransomware attack, causing the failure of the systems due these viruses encrypt all data in computers and ask for a bailout to unlock them. Current estimates speak of an involvement of 74 countries and more than 36,000 recorded cases.

The ransomware intends to encrypt the files of the computers to request a rescue, in currency BitCoin, a cryptographic currency that can be traced. As usual, has distributor through a massive email that claimed to be legitimate and linking with an address for download. Due to its novelty, it was not detected by many antivirus programs yet.

This time the novelty has been that ransomware took advantage of a vulnerability of Microft Windows to expand to other computers of the same network. This vulnerability is known as Ethernalblue and was fixed with Microsoft Update MS017-10 dated March 15, 2017,

This update has been made for all operating systems in support of Microsoft, from Windows Vista to Windows 10 in all the respective versions (1511, 1603, 1703).

Unfortunately, not all users and companies have automatic updates enabled for several reasons: compatibility, reliability, etc; And this fact has been exploited that this ransomware to propagate within the local networks.

However, this attack brings to light that this vulnerability has been known for some time by the US National Security Agency (NSA); And was only communicated to the public when a group called The Shadow Brokers (the mysterious person or group that in recent months has leaked a value of gigabytes of software exploits weapons from the National Security Agency) made it known few months ago.

Microsoft reacted in a few days took out the correction, but it seems that these updates have not arrived on time to many users and companies.

Anyway, it is also being announced that this news has taken a sensational and the real affect is not so much, but emergency measures to prevent damages taken by companies as Telefónica can have exaggerated its gravity.

On the case of Telefónica, there is an excellent description of what happened (in spanish), written by one of the security gurus in Spain, Chema Alonso at

http://www.elladodelmal.com/2017/05/el-translation-wannacry.html?m=1

06-09-2018