Second wave of ransomware attack targeting out-of-date Windows machines under way
‘I would say the real-world impact of this attack is going to be more substantial than WannaCry’ — senior vice president for cybersecurity at Proofpoint
The French news agency AFP is reporting that a new, second attack linked to last Friday’s WannaCry attack is in progress. Unfortunately, the attack appears to have been identified by only a single source, so beware what you hear about it.
In any case, the attack has been identified by the cybersecurity firm Proofpoint.
Here is what they are saying to news agencies:
“It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.
“I would say the real-world impact of this attack is going to be more substantial than WannaCry,” Kalember told ABC News. “Ransomware is painful, but you can restore operations relatively quickly. Here, you have a huge amount of money landing in some bad people’s hands. That has geopolitical consequences.”
The firm is still working to establish attribution for the attacks, but Kalember pointed out that the North Korean-backed Lazarus Group – the same hacker group linked to the WannaCry attacks – launched a similar cryptocurrency mining attack in late 2016.
The one consistent thing here is that it is Microsoft Windows that is vulnerable, or at least out-of-date versions of the operating system. Unfortunately, there are many systems that are simply rarely updated, such as (believe it or not) many military systems. Then there are those built on top of a platform of pirated software.
Microsoft has already issued a warning to users that they need to update their software, and is also pointing to a page with instructions for how to disable Server Message Block as a temporary solution.
“In March, we released a security update which addresses the vulnerability that these attacks are exploiting,” Microsoft said last week. “Those who have Windows Update enabled are protected against attacks on this vulnerability.”
“We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download”
If I were on Windows, I’d take all this very seriously. Here is a video from Hacker News demonstrating how fast this ransomware gets distributed: