The British National Health System (NHS) has fallen victim to a massive attack with ransomware which seems to be part of a global action. So far, this attack has affected hospitals and businesses across the UK as well as in other countries.
The attack began yesterday on Friday and, according to observers, we have not seen a similar one since it seems to have affected at least 74 countries.
Attack orchestras promote the WannaCry ransomware, which locks computer files.
Please note that this ransomware is based on one of the NSA's exploit recently leaked by the group Shadow Brokers.
Attackers to infect computers with WannaCry use one exploit windows which was embraced by the tool EternalBlue of the NSA. Microsoft has already released an update for this vulnerability, but many users and organizations did not bother to update their systems.
Malware infects one computer, exploiting an SMB file sharing vulnerability. Older versions of Windows are more affected by this, especially since Microsoft no longer supports Windows XP or Windows (server) 2003.
"Today's ransomware attack on the NHS, Telefonica and others in more than 70 countries is unprecedented in what we have seen so far from ransomware attacks. "Based on what we've seen today, it looks like this attack is perfect and uses unspecified vulnerabilities in conjunction with Ransomware encryption," said Travis Farral, Director of Security Strategy at Anomali and former ExxonMobil security supervisor.
Security researchers from Malwarebytes believe that this malicious software is very dangerous because it locks the files with RSA-2048 encryption, which means it's virtually impossible to decrypt it without the attacker's key.
Fraudsters demand from their victims 300 dollars, a small amount if you think that the malicious campaign hits utilities and health care.
"We hope the affected companies will be able to quickly find their backups," say Malwarebytes researchers