The British National Health System (NHS) has been the victim of a massive ransomware attack that appears to be part of a global action. Until now, this attack has invaded hospitals and businesses across the UK and other countries.
The attack began yesterday on Friday and, according to observers, we have not seen a similar one since it seems to have affected at least 74 countries.
Attack orchestras promote the WannaCry ransomware, which locks computer files.
Let us mention that this particular ransomware is based on one of the exploit of the NSA that were leaked recently from the team Shadow Brokers.
Attackers to infect computers with WannaCry use one exploit windows embraced by NSA's EternalBlue tool. Microsoft has already released an update on this vulnerability, but many users and organizations have not bothered to update their systems.
The malware infects a computer by exploiting an SMB file sharing vulnerability. Older versions of Windows are more affected by this, especially since Microsoft no longer supports Windows XP or Windows (server) 2003.
"Today's ransomware attack that hit the NHS, Telefonica and others in more than 70 countries is unprecedented compared to what we've seen from ransomware attacks so far. Based on what we have seen today, it seems that this attack is perfect and uses obfuscation vulnerabilities combined with encryption Ransomware,” said Travis Farral, Director of Security Strategy at Anomali and former ExxonMobil security supervisor.
Security researchers from Malwarebytes believe that this malicious software is very dangerous because it locks the files with RSA-2048 encryption, which means it's virtually impossible to decrypt it without the attacker's key.
Fraudsters demand from their victims 300 dollars, a small amount if you think that the malicious campaign hits utilities and health care.
"We hope that the affected companies will be able to quickly find the backups them," Malwarebytes researchers report