On the morning of the 12th of May 2017, we were alerted of a massive ransomware attack to several Spanish companies that affected vulnerable Windows operating systems. It has subsequently been confirmed that the attack has had worldwide repercussions, affecting many countries.
The objective of this attack is to encrypt all the data files and to request a ransom for its decryption. More specifically, for each decrypted computer, it asks 300$ to be paid via Bitcoin.
From the very early hours of the attack, our team of security experts indicated that the attack, called “WannaCry” or “WannaCrypto”, starts through a remote execution of code by using a hacking tool called “EthernalBlue”. This tool is part of a set that the Shadow Brokers organization on 14th May 2017 declared to have stolen from the USA National Security Agency (NSA). The analysis of the Panda Security lab has revealed that the attack exploits the SMB (MS17-010) vulnerability https://technet.microsoft.com/en-us/library/security/ms17-010.aspx and uses it as the method of spreading itself across the internal network.
We want to emphasize that customers using Panda Security solutions are fully protected against this newly released malware. In any case, at Panda Security we consider the application of the security patch https://technet.microsoft.com/en-us/library/security/ms17-010.aspx as absolutely critical to completely close the door to these kinds of attacks.