Eight days ago, the WCry ransomware worm attacked more than 200,000 computers in 150 countries. The outbreak prompted infected hospitals to turn away patients and shut down computers in banks and telecoms. Now that researchers have had time to analyze the self-replicating attack, they're learning details that shed new and sometimes surprising light on the world's biggest ransomware attack.

Chief among the revelations: more than 97 percent of infections hit computers running Windows 7, according to attacks seen by antivirus provider Kaspersky Lab. By contrast, infected Windows XP machines were practically non-existent, and those XP PCs that were compromised were likely manually infected by their owners for testing purposes. That's according to Costin Raiu, director of Kaspersky Lab's Global Research and Analysis Team, who spoke to Ars. While the estimates are based only on computers that run Kaspersky software, as opposed to all computers on the Internet, there's little question Windows 7 was overwhelmingly affected by WCry, which is also known as "WannaCry" and "WannaCrypt." Security ratings firm BitSight found that 67 percent of infections hit Windows 7, Reuters reported.

The figures challenge the widely repeated perception that the outbreak was largely the result of end users who continued to deploy Windows XP, a Windows version Microsoft decommissioned three years ago. In fact, researchers now say, XP was largely untouched by last week's worm because PCs crashed before WCry could take hold. Instead, it now appears, the leading contributor to the virally spreading infection were Windows 7 machines that hadn't installed a critical security patch Microsoft issued in March.

The Kaspersky figures are illuminating because they show Windows 7 x64 Edition, which is widely used by large organizations, being infected close to twice as much as Windows 7 versions mostly used in homes and small offices. It's not clear if that means enterprises are less likely to patch or if there are other explanations.

Don't blame spam

Also on Friday, researchers published convincing evidence that malicious spam e-mails played no role in initially seeding last week's ransomware worm. Rather, according to a blog post published by AV provider Malwarebytes, it spread through a mechanism that scanned the Internet for computers with open Server Message Block ports. The worm then used a modified version of "EternalBlue," the advanced SMB exploit that was developed by the National Security Agency and leaked by the Shadow Brokers group, to install WCry on vulnerable computers. From there, WCry propagated from vulnerable machine to vulnerable machine inside local networks.

"Developing a well-crafted campaign to identify just a few thousand vulnerable machines would allow for the widespread distribution of this malware on the scale and speed that we saw with this particular ransomware variant," Malwarebytes Senior Malware Intelligence Analyst Adam McNeil wrote.