British hospitals, large Spanish companies and Italian universities: ransomware attack has claimed victims around the World. The ransom is $300
The whole World is under a hacker attack. The morning and afternoon attacks in Spain and Great Britain were by no means isolated or unconnected cases. Behind these ransomware attacks we find WannaCry, a malware as dangerous as it is good at replicating and spreading. In just a few hours, in fact, the ransomware virus was “spotted” in as many as 100 countries and was able to infect tens of thousands of machines.
The victims are large telephone companies, small and medium-sized enterprises, universities and research institutes. In short, WannaCry really doesn’t look anyone in the face. Dalle primissime ore di venerdì, migliaia di internauti in tutto il mondo hanno iniziato a postare sui social network immagini e screenshot dei messaggi comparsi sui loro monitor: una richiesta di riscatto di circa 300 dollari per poter tornare in “possesso” dei file archiviati sul disco rigido del proprio computer. Resta ora da capire chi si nasconda dietro l’attacco e quali le reali intenzioni: molti esperti, infatti, si chiedono se oltre alla mera estorsione possa esserci qualche altra ragione ad aver spinto gli hacker ad aver agito in questo modo.
Cos’è WannaCry, il virus cryptolocker che ha causato l’attacco
Fonte foto: Twitter
La mappa delle infezioni
Secondo le prime informazioni a disposizione, l’attacco nasce da un cryptoransomware, un virus che blocca l’accesso ad alcuni (o tutti) i file del computer infettato utilizzando la crittografia: per “avere indietro” i suoi contenuti, l’utente dovrà pagare un riscatto (solitamente in Bitcoin).
WannaCry, il malware utilizzato nel corso di questo attacco, nasce in seguito alla diffusione di dati e informazioni della NSA (National Security Agency, l’agenzia per la sicurezza nazionale degli Stati Uniti) da parte di WikiLeaks. Gli hacker sono partiti da ShadowBroker, una delle armi informatiche utilizzate dalla NSA per spiare i propri obiettivi in tutto il mondo, per realizzare uno dei ransomware più virali e perniciosi mai comparsi sinora. In pochissime ore, WannaCry ha fatto migliaia di vittime, con Russia, Ucraina e Taiwan tra i Paesi più colpiti. As mentioned, the virus seems to have made famous victims also in Italy: some universities have been affected and they have seen the message of ransom appear on the computer screen: to get their data back, it is necessary to pay 300 dollars in bitcoins.
A flaw in the operating system
According to experts, WannaCry would use a flaw in the Windows Smb Server, which Microsoft has already fixed last March. This means that companies’ computers had not been updated for at least a couple of months and were exposed to all possible forms of attack. Once again, companies are vulnerable to hacker attacks due to a lack of knowledge on the subject.
Never pay the ransom
So far, the dynamics of the attack and how it managed to spread in such a short period of time are still unclear, but it is likely that the main cause is some phishing emails that convinced employees of companies to click on some links. If your computer gets infected, the only way to get your data back is to pay the ransom. But even if you pay, it is not certain that the hackers will keep their word and unlock the computer. Therefore, it is better to stall and hope that some cybersecurity expert manages to decrypt the ransomware and releases a key to “free” the computers.
How to defend yourself against ransomware attack
For those who are afraid of being hit by ransomware, the advice is to download the MS17-010 patch and install it on your computer. In this you are immune from the Wannacry attack, which is making thousands of victims all over the World.