Massive Global Ransomware Attack

By JJ Bollozos

A cybersecurity attack of global proportions...

As of this afternoon, cybersecurity company Avast reported a ransomware attack, known as WanaCrypt0r 2.0, has been detected over 57,000 times across 99 countries. Of note, the attack has allegedly infected a large telecommunications company in Spain, hospitals across England, and a shipping company based in the U.S., as well as other companies throughout the world. According to the New York Times, the ransomware was included in a compressed file sent via email that would infect a victim’s device once it was opened. 

In general, ransomware locks and encrypts files on a victim’s computer or device so that he/she can no longer access the files. The hacker typically leaves instructions for the payment of a certain amount of money, a “ransom,” in return for unlocking/decrypting the files. 

WanaCrypt0r 2.0 is a malware designed to lock files in Microsoft Windows-based environments and, according to Avast, is seeking the payment of at least $300 in Bitcoin to decrypt the files (with the price goes up the longer the victim waits to pay). WanaCrypt0r 2.0 is suspected to have been developed from the ETERNALBLUE exploit released earlier by another group of hackers, ShadowBrokers, who claimed ETERNALBLUE was stolen from the NSA’s hacking tools. Microsoft previously released a patch to fix these exploits; however, companies that have not installed the patch are still vulnerable to this attack.

If you have further questions regarding cybersecurity, please contact the author or a member of Polsinelli’s Privacy and Data Security team.