Microsoft Issues Emergency Patch in Response to Massive Ransomware Outbreak
A fast-moving wave of ransomware attacks is hitting hard across the world, exploiting a recently patched vulnerability that was exposed in documents leaked from the NSA by the mysterious Shadow Broker group.
Dubbed WannaCry, the ransomware is exploiting a critical vulnerability in Microsoft’s Server Message Block (SMB) which was patched by Microsoft (MS17-010) for supported versions of Windows last month.
Also known as WCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r, the ransomware strain has reportedly hit more than 100 countries in less than 24 hours.
While up to date and fully-patched Windows installations are not at risk, Microsoft took the highly unusual step of providing a security update for those using Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.
“We also know that some of our customers are running versions of Windows that no longer receive mainstream support,” Microsoft said. “That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download.”
The malware outbreak began, Friday and is being described as the biggest-ever ransomware attack, hitting hospitals in Britain as well as the Spanish telecom giant Telefonica and was also spreading in other countries, including Russian banks, FedEx and European car makers.
According to security firm F-Secure, WannaCry is the biggest ransomware outbreak in history, saying that 130,000 systems in more than 100 countries had been affected as of Saturday.
A spokesman for Barts Health NHS Trust in London told AFP that it was experiencing “major IT disruption” and delays at all four of its hospitals, and that ambulances were being diverted to nearby hospitals.
“Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email,” Lance Cottrell, chief scientist at Ntrepid, told SecurityWeek.
Source | securityweek