On Friday, the WannaCrypt ransomware attack impacted over 100 countries, and although media reports indicate that it may have slowed, the attack may not be over.
According to the British newspaper The Telegraph, a cyber gang called Shadow Brokers claimed in April that it had stolen a cyber weapon named Eternal Blue from the National Security Agency (NSA).
Eternal Blue reportedly gives unprecedented access to all computers using Microsoft Windows.
It is alleged that the Shadow Brokers dumped Eternal Blue on an obscure website in April of this year. It is also alleged that a separate crime organization picked up Eternal Blue and used it to gain remote access to computers around the world.
The same crime organization, having gained access to computers, then deployed WannaCrypt, the ransomware, to hijack exploited computing systems and encrypt all the files contained on it.
Our post on Ransomware offers more information about ransomware attacks and tips on steps you can take to protect yourself.
You can also refer to information from Microsoft specific to this attack – Customer Guidance for Wannacrypt
If you have not already done so, we suggest the following:
- Consult with your IT team or external advisor to verify that you are adequately protected from this threat.
- Refer to our post on Ransomware for measures you can take to educate members of your organization to reduce exposure to ransomware.