Announcement of 16. May 2017

WannaCry: Ransomware attacks companies and private users across the world

G DATA security experts publish constantly updated analyses and give recommendations to those affected on what to do.

The ransomware WannaCry has crippled companies not just in Germany but across the world - even critical infrastructures such as hospitals and energy suppliers have been affected. Deutsche Bahn has also been one of the prominent victims of the cyber attacks. The infection mechanism in WannaCry involves an exploit that was discovered by US secret service the NSA. The extortion Trojan gets onto computers via a security hole in the Windows operating system. Microsoft did in fact close the vulnerability with an update back in March 2017. IT managers and private individuals now need to respond immediately and install security updates as quickly as possible. G DATA customers are protected against WannaCry.

“The wave of infections that broke out last Friday hit home users, companies, public institutions and utility companies,” explains Tim Berghoff, G DATA Security Evangelist. “When the WikiLeaks document was published, we already expressed our concern that this information would be used by cyber criminals for attacks if they get access to it. The success of WannaCry has already overshadowed the wildfire effects of other ransomware such as Locky and CryptoLocker.”

Criminals using NSA tools

The incident also confirms some fears that arose as a result of the WikiLeaks revelations. Clearly criminals have managed to use a tool in the armoury of a secret service for criminal purposes. An exploit called “Eternalblue” is part of a collection of files from NSA sources that was made public in April by the “Shadow Brokers” hacker group. Other tools were also part of this leak - if this trend is repeated, use of more secret service tools by cyber criminals can be expected.

Install security updates promptly

The incidents dramatically show what the consequences can be if updates are not installed in good time. The security hole exploited here was closed by Microsoft back in March - even so, WannaCry was a success. Government organisations, companies and private individuals should very quickly give thought to how they can close the respective security holes. IT managers in companies should check the use of patch management to enable updates for every computer in the network to be rolled out swiftly.


There are constantly updated analysis results from G DATA security experts in the G DATA Security Blog.


Announcement of 16. May 2017


G DATA Software AG
G DATA Campus
Königsallee 178
D-44799 Bochum

Phone: +49-234-9762-239

Contact person:
Daniëlle van Leeuwen

Phone: +31 20 8080835