Hackers used stolen National Security Agency (NSA) tools to launch a massive ransomware attack across the world on Friday. The ransomware demands $300 in bitcoin to unlock each affected computer; if victims fail to pay, their data will be deleted.
The program locked computers in thousands of locations in more than 99 countries, including the United Kingdom, the United States of America, India, China, Russia, Ukraine, Spain, Italy, and Taiwan.
India was among the three countries worst affected by the attack. An actual impact assessment will be possible only on Monday, when offices open, according to officials.
Security experts say the ransomware attack is exploiting the critical Server Message Block (SMB) vulnerability (MS17-010), which Microsoft has patched on Windows machines. Interestingly, Microsoft released a patch for the EternalBlue exploit just a few weeks before Shadow Brokers made the NSA-developed exploit’s existence public.
“This is a biggest cyberattack, impacting top organizations across world at a scale I’ve never seen before,” security architect Kevin Beaumont said.
Steps you should take to protect yourself against ransomware:
- Apply Windows update MS17-010.
- Disable the outdated protocol SMBv1.
- Add a rule on your router or firewall to block incoming SMB traffic on port 445.
- Enable Windows Defender Antivirus to detect this ransomware. (It identifies the ransomware as Ransom:Win32/WannaCrypt as of the 1.243.297.0 update.)
- Use Office 365 Advanced Threat Protection, whose machine-learning capability can block dangerous email threats such as emails carrying ransomware.
- Monitor your network with Windows Defender Advanced Threat Protection.
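
The SMBv1, port 445 and Windows Defender steps above can be checked and applied from an elevated PowerShell prompt. The script below is an added example, not code from the article; it assumes Windows 8 / Server 2012 or later, uses the host's Windows Firewall rather than a router, and the rule name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): audit by default, change settings only with -Apply.
# Assumes Windows 8 / Server 2012 or later with the SmbShare, NetSecurity and Defender modules.
param([switch]$Apply)

$ruleName  = 'Example - block inbound SMB 445'   # hypothetical rule name used by this script
$minSigVer = [version]'1.243.297.0'              # Defender update named in the article

# Disable the SMBv1 server protocol if it is still on.
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
if ($smb1 -and $Apply) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
}

# Block incoming TCP 445 on the host firewall. Only the rule created here is
# checked, so a block configured under another name or on the router is not seen.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rule -and $Apply) {
    $rule = New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block
}

# Confirm Defender is running with signatures at or after the named update.
$mp    = Get-MpComputerStatus
$sigOk = [version]$mp.AntivirusSignatureVersion -ge $minSigVer

# One summary object per machine, suitable for Export-Csv across a fleet.
[pscustomobject]@{
    Smb1ServerEnabled    = $smb1
    Inbound445RuleActive = [bool]($rule | Where-Object { $_.Enabled -eq 'True' })
    DefenderEnabled      = $mp.AntivirusEnabled
    RealTimeProtection   = $mp.RealTimeProtectionEnabled
    SignatureVersion     = $mp.AntivirusSignatureVersion
    SignatureCurrent     = $sigOk
}
```

On a machine that shares files or printers, the host rule also cuts off legitimate clients; there the block belongs on the perimeter router or firewall instead.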