It’s been a hectic day in the world. 99 countries were hammered with a ransomware attack against industries of all kinds. Over 75,000 machines were infected as of this afternoon.
What’s going on?
A relatively young piece of ransomware called WanaCrypt0r has been spreading rapidly since this morning. A variant of WanaCrypt0r, named WeCry, was originally discovered in February of this year.
What makes this piece of ransomware so prolific today is that it is packaged as part of an exploit tool called ETERNALBLUE, which leverages a known Windows vulnerability that was patched in March through Windows Update. This was an SMB vulnerability (MS17-010), which allowed malicious code to travel from system to system. Older Windows systems that are no longer supported would not have received a patch, and many supported systems were simply not updated. Delays caused by compatibility testing and limited resources often leave systems unpatched and at risk.