More than 45,000 ransomware attacks were recorded in 74 countries around the world, mostly in Russia. The Global Research and Analysis Team of Kaspersky Lab, the cyber security and anti-virus provider, said that in these attacks data is encrypted and the extension “.WCRY” is added to the filenames.
The attack, called ‘WannaCry,’ is initiated through an SMBv2 remote code execution vulnerability in Microsoft Windows.
“It’s important to understand that while unpatched Windows computers exposing their SMB services can be remotely attacked with the ‘EternalBlue’ exploit and infected by the WannaCry ransomware,” said Kaspersky Lab’s Global Research and Analysis Team.
“The lack of existence of this vulnerability doesn’t really prevent the ransomware component from working. Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak.”
WannaCry tells users that ‘payment will be raised’ after a specific countdown, alongside a second display that raises the urgency to pay up. It threatens that the user will completely lose their files after the set timeout. To ensure that the user doesn’t miss the warning, the tool changes the user’s wallpaper to show instructions on how to find the decryptor tool released by the malware.
Spain’s Computer Emergency Response Team, CCN-CERT, posted an alert on its site about the attack. The National Health Service (NHS) in Britain also issued an alert. The Kaspersky Lab team has confirmed additional infections in more countries, including Ukraine and India.