Widespread Ransomware `Wannacry´ Linked to NSA Exploit

According to many reports across the web, a string of ransomware attacks has infected thousands of businesses from 99 countries worldwide. Sources say over 75,000 users globally were affected because of leaked NSA exploit published by the hacker group the Shadow Brokers.

Also read: Why South Korean Bitcoin Adoption Could Outpace Most Other Countries This Year

Wana Ransomware Infects 75,000 Computers Worldwide

A massive epidemic has recently stricken in close to a hundred countries, with more than 75,000 detections of the ransomware called Wanacryptor 2.0 (Wana). According to the Avast security blog and Krebs on Security a significant portion of businesses targeted stemmed from Taiwan, the Ukraine, and Russia. Additionally, a string of hospitals from Europe was attacked, Chinese Universities, the UK’s National Health Service (NHS), and the Spanish telecommunications giant Telefonica.

The Wana software is a malicious protocol that encrypts an individual or company’s files and demands a ransom to unlock the content. Reports from the Financial Times and other news outlets say the tool is linked to the group the Shadow Brokers and the recently leaked NSA exploits. Krebs on Security also details the ransomware is spreading due to a backdoor in Windows software.

“There are indications the malware may be spreading to vulnerable systems through a security hole in Windows that was recently patched by Microsoft,” the security firm details.

Windows Vulnerability

Wana infects a computer using the extension WNCRY which is tethered to the encrypted files. Malware Hunter Team was the first to notice the Wana malware and told the public a few weeks ago. The attack not only encrypts files but also downloads the latest Tor client for ransomware communications. To unlock the computer’s files, some amount of bitcoin must be sent to an address provided by the software. According to CCN-CERT, the tool attacks a vector in the Windows Server Message Block protocol, which has enabled the ransomware to spread exponentially across 75,000+ operating systems globally.

There are over 100 strains of ransomware, but this particular case is being called the worst malware epidemic yet. One that also involves a Windows exploit allegedly crafted by the U.S. National Security Agency. So far reports detail a few businesses around the world are refusing to pay the ransom and some security groups believe a remedy will be found soon.

However, the attackers have so far accumulated at least 6.46 BTC (US$ 10,000) between three addresses hard-coded into the software. Investigators say they find it odd the attackers chose to use the same bitcoin addresses.

What do you think about the ransomware epidemic? Let us know in the comments below.

Images via Shutterstock, and Bleeping Computer.

At News.Bitcoin.com all comments containing links are automatically held up for moderation in the Disqus system. That means an editor has to take a look at the comment to approve it. This is due to the many, repetitive, spam and scam links people post under our articles. We do not censor any comment content based on politics or personal opinions. So, please be patient. Your comment will be published.