Costas Pitas and Carlos Ruano report:
A global cyberattack leveraging hacking tools widely believed by researchers to have been developed by the U.S. National Security Agency hit international shipper FedEx, disrupted Britain’s health system and infected computers in nearly 100 countries on Friday.
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access.
Read more on Reuters.
Perhaps one of the most stunning sub-plots of the story today was how damage was accidentally limited by @MalwareTechBlog registering a domain that the attackers used but never registered. Warren Mercer pointed out:
Infections for WannaCry/WanaDecrpt0r are down due to @MalwareTechBlog registering initial C2 domain leading to kill-switch #AccidentalHero
— Warren Mercer (@SecurityBeard) May 12, 2017
As Darien Huss explained:
#WannaCry propagation payload contains previously unregistered domain, execution fails now that domain has been sinkholed pic.twitter.com/z2ClEnZAD2
— Darien Huss (@darienhuss) May 12, 2017
While humorously acknowledging that he can change his resume to include, “accidentally stopped an international cyber attack,” @MalwareTechBlog wants everyone to understand that they need to patch systems NOW:
It’s very important everyone understands that all they need to do is change some code and start again. Patch your systems now! https://t.co/L4GIPLGKEs
— MalwareTech (@MalwareTechBlog) May 13, 2017