https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/

wcry copies a weapons-grade exploit codenamed Eternalblue that the NSA used for years to remotely commandeer computers running Microsoft Windows. Eternalblue, which works reliably against computers running Microsoft Windows XP through Windows Server 2012, was one of several potent exploits published in the most recent Shadow Brokers release in mid-April. The Wcry developers have combined the Eternalblue exploit with a self-replicating payload that allows the ransomware to spread virally from vulnerable machine to vulnerable machine, without requiring operators to open e-mails, click on links, or take any other sort of action.

Microsoft patched the underlying vulnerability in March, exactly four weeks before the Shadow Brokers' April release published the weapons-grade NSA exploit. The rapid outbreak of Wcry may be an indication that many, or possibly all, of the companies hit had yet to install a critical Windows patch more than two months after it was released.

That is pretty full on stuff and is going to effect a lot of innocent people. Shame on them for doing that it just so wrong on every level.

I wonder how prolific ransomware would be if bitcoin didn't exist, or any anonymous digital currency for that matter

Geektastic: "the ransomware exploits a vulnerability in Windows"

How to protect yourself? Hmmmmm.

Hello, welcome to Mac OSX....

The NSA leak also contained exploits for Mac OSX. Also, the best way to protect yourself no matter what OS you're on is to apply the latest updates.

Hopefully no Geekzone users computers are affected. That's because we all apply the latest patches from Microsoft as soon as they are released, right? The radio news this morning said Microsoft released a patch for this vulnerability in March.

I survived Sasser in the early 2000s and learned from it. It required ~1800 machines to be visited on sneaker net, patched and cleaned. This current worm would require machines to be rebuilt. Every server, every workstation. It has the potential to be pretty devastating to an organisation.

I am working at a place where the IT team have not experienced a worm outbreak, I hope they never have to.

I continue to be amazed at the number of major NZ organizations, including universities, still running Win7.  The larger the number of computers in an organization, the further behind they seem to be on OS software -- too hard basket?

"Weapons grade exploit" first time I ever heard that in use. Wouldn't a exploit the same as a consumer version?

cruxis:

 

"Weapons grade exploit" first time I ever heard that in use. Wouldn't a exploit the same as a consumer version?

 

in the same way that a 'weather bomb' used to be a 'storm'...

cruxis:

 

"Weapons grade exploit" first time I ever heard that in use. Wouldn't a exploit the same as a consumer version?

 

No, it comes with added Michael Bay and Jerry Bruckheimer explosions and it turns your IT department into something resembling NCIS or CSI ....... :)

cruxis:

 

"Weapons grade exploit" first time I ever heard that in use. Wouldn't a exploit the same as a consumer version?

 

They are meaning Eternal Blue was coded by professional NSA coders for nation state hacking, rather than by a dude living in his parent's basement.

mdav056:

 

I continue to be amazed at the number of major NZ organizations, including universities, still running Win7.  The larger the number of computers in an organization, the further behind they seem to be on OS software -- too hard basket?

 

It's not exactly a cheap, quick or simple exercise to upgrade OS at mid-large business level. W7 is still under support until 2020.