A massive Cyberattack that seems to have source in Russia currently spreads the world. After first analysis by Kaspersky and Avast they think it’s a new version of the crypt locker WannaCry. The software requires a payment of 300$ in bitcoins to release the encryption key, and blackmails the owners that the key would be deleted in few days if not being payed.
Following the latest updates, the ransomware meanwhile successfully attacked more than 75.000 PCs in 100 countries worldwide. Analysing the ransoware, a way to stop spreading seems to be found. According to some press, a security expert noticed a domain being accessed from the ransomware and registered this. After activating that domain the ransomware stopped spreading. Seems some routine stops its work when the domain could be contaced.
In general, this new attack was made possible after some NSA documents were leaked. NSA knew about this security issue for several times, but did not inform the software vendor, keeping millions of PCs unsafe. After the documents were leached, the vendor released a patch for this issue very shortly, which is available since March. Following current situtation, several PCs have yet not installed that update.
Before you now say “user’s fault – why dont install the update?” keep in mind that according to current information big companies or public organisations are affected. Following the usual “update-mess” of some vendors (fix one issue but create two others at the same time) it is absolutely normal for todays administrators NOT to install a patch as soon as it’s available.