WannaCry ransomware by the Shadow Brokers another major blow for the NSA
2017-05-17 10:56 by Philip
Tags: WannaCry, ransomware, NSA
The hacking group calling itself the Shadow Brokers has caused issues for the National Security Agency for months, auctioning off highly classified NSA hacking tools. In April, the group dumped a number of NSA's zero-day software exploits on the web.
All this culminated last Friday, when the WannaCry ransomware, based on these exploits, spread across the world, disrupting rail traffic, shutting down hospitals, and more. The WannaCry ransomware may be the biggest such attack in history, affecting more than 150 countries and major businesses and global organizations, including FedEx, Renault, Hitachi, and parts of the UK national health care system. It all started over the weekend, when Europol officials announced that some 200,000 computers had been affected by the malware. On Monday, the Chinese government, a Korean theater chain, and the Japanese company Hitachi all announced they had been affected. NPR reported on Monday that over 40,000 businesses had been hit.
The WannaCry ransomware, also known as WannaCrypt, Wanna Decryptor, or WCry, used exploits stolen from the National Security Agency, according to Microsoft President and Chief Legal Officer Brad Smith. He went on to compare the stolen NSA software to "the U.S. military having some of its Tomahawk missiles stolen." It may be worth noting that the WannaCry ransomware itself wasn't developed by the NSA. However, it is based on those leaked exploits and vulnerabilities, and it is another major blow in a series of trials for the NSA.
Microsoft has had a patch available for the vulnerability WannaCry exploits for over a month. However, the success of the attack shows that not enough people and organizations have installed the security patches. The ransomware targets Windows computers, particularly Windows XP and older versions without the latest security patches. At this point, updating Windows with the latest security updates should be enough to avoid the ransomware. The security patch was part of Microsoft's MS17-010 Security Bulletin, released in March.