“The wave of infections that broke out last Friday hit home users, companies, public institutions and utility companies,” explains Tim Berghoff, G DATA Security Evangelist. “When the WikiLeaks document was published, we already expressed our concern that this information would be used by cyber criminals for attacks if they get access to it. The success of WannaCry has already overshadowed the wildfire effects of other ransomware such as Locky and CryptoLocker.”
WannaCry: Ransomware attacks companies and private users across the world
G DATA security experts publish constantly updated analyses and give recommendations to those affected on what to do.
Criminals using NSA tools
The incident also confirms some fears that arose as a result of the WikiLeaks revelations. Clearly criminals have managed to use a tool in the armoury of a secret service for criminal purposes. An exploit called “Eternalblue” is part of a collection of files from NSA sources that was made public in April by the “Shadow Brokers” hacker group. Other tools were also part of this leak - if this trend is repeated, use of more secret service tools by cyber criminals can be expected.
Install security updates promptly
The incidents dramatically show what the consequences can be if updates are not installed in good time. The security hole exploited here was closed by Microsoft back in March - even so, WannaCry was a success. Government organisations, companies and private individuals should very quickly give thought to how they can close the respective security holes. IT managers in companies should check the use of patch management to enable updates for every computer in the network to be rolled out swiftly.
There are constantly updated analysis results from G DATA security experts in the G DATA Security Blog.