Updated: UK hospitals are just some of the many organisations affected by a spate of ransomware infections which have been supercharged by using Eternal Blue exploit.
The ransomware attacks that forced hospitals across the UK to turn away patients are apparently part of a larger wave of ransomware infections worldwide.
As well as the UK, where the ransomware infections have resulted in NHS trusts cancelling operations, the fallout is being felt around the globe, particularly in Spain.
Spanish communications giant Telefonica said that a cybersecurity incident had affected the PCs of some employees on the company’s internal corporate network.
According to Spanish newspaper El Pais other firms in the country have also been affected.
Spain’s national CERT warned of a “ massive attack of ransomware “ and said the ransomware’s potency resulted from it exploiting a known software flaw called EternalBlue.
This is a Windows flaw that was part of an hoard of software vulnerabilities apparently collected by the NSA – but leaked by the so-called Shadow Brokers.
The vulnerability was patched in March by Microsoft. Spain’s CERT said that PCs should be patched to protect them from the vulnerability or isolated from the network.
Malware researchers have been plotting the spread of the ransomware, which apparently appeared today, reporting a number of incidents across Europe and further.
Allan Liska, senior solutions architect at security company Recorded Future said this ransomware first appeared on 31 March but the version that is rapidly spreading has some significant changes, using the vulnerability outlined in Microsoft Security Bulletin (MS17-010) , also known as EternalBlue.
„This means that once the ransomware gets into a network it can spread quickly through any computers that do not have that patch applied. The worm-like capabilities are the new feature added to this ransomware, “ he saidl
„Given the relative ineffectiveness of the first version of WanaCypt0r, it is likely the author did not expect this type of success from the new campaign, which could cause problems for any organisation that attempts to pay the ransom.“
