Skip to main content

Widespread Ransomware Infecting Thousands Linked to NSA Exploit

ransomware

According to many reports across the web, a string of ransomware attacks has infected thousands of businesses from 99 countries worldwide. Sources say over 75,000 users globally were affected because of leaked NSA exploit published by the hacker group the Shadow Brokers.

Also read: Why South Korean Bitcoin Adoption Could Outpace Most Other Countries This Year

Wana Ransomware Infects 75,000 Computers Worldwide

A massive epidemic has recently stricken in close to a hundred countries, with more than 75,000 detections of the ransomware called Wanacryptor 2.0 (Wana). According to the Avast security blog and Krebs on Security a significant portion of businesses targeted stemmed from Taiwan, the Ukraine, and Russia. Additionally, a string of hospitals from Europe was attacked, Chinese Universities, the UK’s National Health Service (NHS), and the Spanish telecommunications giant Telefonica.

The Wana software is a malicious protocol that encrypts an individual or company’s files and demands a ransom to unlock the content. Reports from the Financial Times and other news outlets say the tool is linked to the group the Shadow Brokers and the recently leaked NSA exploits. Krebs on Security also details the ransomware is spreading due to a backdoor in Windows software.

“There are indications the malware may be spreading to vulnerable systems through a security hole in Windows that was recently patched by Microsoft,” the security firm details.

Widespread Ransomware Infecting Thousands Linked to NSA Exploit

Windows Vulnerability  

Wana infects a computer using the extension WNCRY which is tethered to the encrypted files. Malware Hunter Team was the first to notice the Wana malware and told the public a few weeks ago. The attack not only encrypts files but also downloads the latest Tor client for ransomware communications. To unlock the computer’s files, some amount of bitcoin must be sent to an address provided by the software. According to CCN-CERT, the tool attacks a vector in the Windows Server Message Block protocol, which has enabled the ransomware to spread exponentially across 75,000+ operating systems globally.

Widespread Ransomware Infecting Thousands Linked to NSA Exploit

There are over 100 strains of ransomware, but this particular case is being called the worst malware epidemic yet. One that also involves a Windows exploit allegedly crafted by the U.S. National Security Agency. So far reports detail a few businesses around the world are refusing to pay the ransom and some security groups believe a remedy will be found soon.

However, the attackers have so far accumulated at least 6.46 BTC (US$ 10,000) between three addresses hard-coded into the software. Investigators say they find it odd the attackers chose to use the same bitcoin addresses.

What do you think about the ransomware epidemic? Let us know in the comments below.

Images via Shutterstock, and Bleeping Computer. 

At News.Bitcoin.com all comments containing links are automatically held up for moderation in the Disqus system. That means an editor has to take a look at the comment to approve it. This is due to the many, repetitive, spam and scam links people post under our articles. We do not censor any comment content based on politics or personal opinions. So, please be patient. Your comment will be published.  

The post Widespread Ransomware Infecting Thousands Linked to NSA Exploit appeared first on Bitcoin News.

Comments

Post a Comment

Popular posts from this blog

Microsoft releases Indic Phonetic keyboards for 10 languages under Windows Insider Program

New Delhi, December 10, 2018: Continuing its endeavor to make technology accessible and productive for all, Microsoft India has announced the availability of new Phonetic keyboards in Indian languages to members of the Windows Insider Program. The new feature is available in 10 Indian languages including Hindi, Bangla, Tamil, Marathi, Punjabi, Gujarati, Odia, Telugu, Kannada and Malayalam. The new Indic Phonetic keyboards are in addition to the Indic Traditional INSCRIPT keyboards already available with Windows. The new keyboards have been added to Windows Insider Preview Build 18272. Users participating in the program can immediately start using them and share their feedback. The keyboards are expected to be added to Windows 10 later, subsequent to which Indian language users won’t need to download and install any external Input Method Editors (IMEs) to input Indic text in a phonetic style. As words are typed using the existing keyboard, Indic Phonetic keyboards transliterate them ...
Post a Comment
Read more

Coinbase Seeks Online Merchant Crypto Adoption by the Millions

Adoption news keeps flowing this week, from Wall Street to Australia, and now San Francisco. The United States largest cryptocurrency bank, Coinbase, announced it is expanding its commerce section to include Woo Commerce via a plugin downloadable from Github. It could be just what more online merchants need to get comfortable with cryptocurrency. Also read: Bitcoiners Hope to Have a Friend in Top US Regulator Jay Clayton Coinbase Seeks Online Merchant Crypto Adoption by the Millions More than a quarter of all online merchants use Woo Commerce. It’s easily one of the most popular payment platforms around. This week, Coinbase announced it is releasing a Woo Commerce plugin as part of its proprietary Coinbase Commerce offering which can be downloaded from Github. Coinbase Commerce is itself a payment solution focusing on getting more online merchants to use cryptocurrency. Woo Commerce businesses will “have access to cryptocurrency payments from customers around the world,” Coinbas...
Post a Comment
Read more