A rather dangerous Windows operating virus, is now in circulation around the world. It all started recently, when this nuisance began to interfere with a number of peoples personal and company computers. This mess has since cost people both time and money. Microsoft states that they are doing their best to prevent this from happening again or from copycats from doing the exact same thing.
The first big wave has hit various parts of the world on 5/15/17. Perhaps this date, has some significant hidden meaning but anything is just speculation at this point. This virus is known as ransomware. Basically, it locks up someones system and holds it hostage until a set price is paid. Users infected with this madness will see there screens look like this.
Early infections have started since Friday, quickly spreading like fire in a forest around. There are now well over 70,000 different machines infected. Just within the first few hours, many machines were locked up and simply unusable. Comparably, this infection is similar to an armed bank robbery. Imagine all of the doctors, nurses and others in crucial positions who cannot access their computer for work related duties.
Those infected included Telecom in Spain, FedEx offices in the United Kingdom and the Russian Interior Ministry among others. In just a mere half days time, there were six continents infected with this nasty virus of sorts. All of this could have been prevented, according to Microsoft—who released a security patch several months earlier.
Unsuspecting users, simply didn’t install the Windows updated patch to prevent this. They unknowingly made their system vulnerable. Only those still running Windows XP, (a way older operating system) are in the clear. This operating system hasn’t been supported in over three years now. An estimated 8.45 percent of users are still using Windows XP a once popular PC operating system.
Unknown attackers deployed a virus, which targeted Microsoft servers. The Microsoft servers which were running the file sharing protocol Server Message Block (SMB) were infected. Those servers which didn’t update after March 14th were vulnerable thereby becoming infected. A patch known as MS17-010 is the suspected problem for the Ransomware outbreak.
The intended patch released by Microsoft was to fix an exploit known as ExternalBlue. This originally was a guarded secret available to the NSA (National Security Agency). This information was ironically leaked by a different group of hackers known as ShadowBrokers. They are a group that first made themselves known during later half of last year.
How many total machine that have been exploited in total, isn’t known just yet. Like any virus, it can spread quickly before getting it under control. The name of the ransomware has been amply named WannaCry.
This is the most critical Windows update patch since [Conficker] which infected machines well over a decade ago. This worm is still in circulation to date. It will be some time before this ever gets under control according to Sean Dillon, the RiskSense security analyst who reverse engineered DoublePulsar. These types of exploits people will be finding for years to come.