Recently, the British National Health System (NHS) has become the victim of WannaCry ransomware (also known as WCry or WanaCryptor), a very lethal computer virus that encrypts all the data from the infected computers. While the first infected systems were in UK, the virus has spread in other countries as well.
The attack took place on Friday (yesterday) and affected 74 countries (including UK, US, China, Russia, Spain, Italy and Taiwan), including 16 NHS trusts in UK, being the biggest in the history.
The WannaCry ransomware is based on an exploit harvested from the EternalBlue tool used for hacking by NSA and leaked a few months ago by the hacker group Shadow Brokers. Once a computer is hacked, it explores a vulnerability in the SMB file sharing. The most vulnerable computers are the ones with older operating systems and since the encryption is done with RSA-2048, the files cannot be decrypted without the hacker’s key.
The problem is that a lot of computers from public institutions still use Windows XP, a system which is very vulnerable to hackers, since it does not receive any more updates.
The losses were bigger than financial, this causing surgeons to cancel operations, because everybody was locked out of the system. For more information, see this Liliputing article.
The good thing in this is that Microsoft has released an update patch for all the supported Windows systems – Windows 7, 8.1 and 10 and the May 2017 updates should keep the users safe from this, if they have Windows Defender enabled with up to date signature database.
If you keep your Windows system up to date with the latest updates and keep Windows Defender updated and enabled, you are safe from this ransomware malware.
Unfortunately, this happened because government agencies like NSA or CIA keep vulnerabilities unknown for their own benefit.