On May 12, FortiGuard Labs began tracking a new ransomware variant that spread rapidly throughout the day. It is a highly virulent strain of a self-replicating ransomware that has impacted such far-flung organisations as the Russian Interior Ministry, Chinese universities, Hungarian and Spanish telcos, and hospitals and clinics run by the British National Health Services. It is especially notable for its multi-language ransom demands that support more than two-dozen languages.
This ransomware is being referred to by a number of names, including WCry, WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r. It is spread through an alleged NSA exploit called ETERNALBLUE that was leaked online last month by the hacker group known as The Shadow Brokers. ETERNALBLUE exploits a vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) protocol.
If you think you or your organisation are victims of ransomware, Mach One can assist you in checking your systems and getting you back up and running. We can also help you become more secure to prevent future attacks, including implementing and documenting an incident management plan.
Please Contact Us for more information.