WannaCry malicious find security vulnerabilities and infect them within the organization by exploiting vulnerabilities published by the NSA stuff was stolen by a group of hackers known as The Shadow Brokers. Mainly exploited vulnerabilities targeting the SMB protocol that individual organizations have not patched in time, focusing on Win2k8 R2 and Win XP that this type of attack is different from the traditional is to use worms – programs self-cloning itself into computer systems and trick users into clicking malicious links and.
Photo tool NSA has been published |
Exploiting vulnerabilities EthernalBlue – Photo: ExtremeTech |
The sources said the cyber attack took place on a global scale, affecting about 90 countries, including Britain, the US, China, Russia, Spain, Italy and the regions of Taiwan, Vietnam and many other countries. As noted by the experts of the current Intel reported vulnerabilities in the two cities of Hanoi and Ho Chi Minh, the vulnerability can spread across the country.
Images taken from malwaretech shows have appeared in Vietnam |
Vietnam among the top 20 countries infected by WannaCry |
The image is uploaded to the social network to see the computer screen of the Service National Health England (NHS) appear message to pay 300 dollars Bitcoin with the statement: “Oh, your data was encrypted “. The message claims for payment within 3 days, otherwise the price will be doubled, and if money is not paid within 7 days, the data will be deleted.
According to experts, CMC, malicious code is mainly exploited vulnerabilities version of Windows Server 2008 R2, the version that a majority of businesses and government agencies Vietnam still using and Windows XP still exists Is no exception. Besides exploiting vulnerabilities mainly via SMB protocol to share files and printers to be used more in organizations and individuals around the world, thereby leading to a very high risk of spreading.
Furthermore, holes appeared recently, many organizations and individuals could not get the information in time to patch vulnerabilities, thereby leading to a very high risk for the infection of malicious code as well as broad-based ransomware.
CMC is conducting further analysis of the behavior of this ransomware and will continue to update continuously on WannaCry.
Experts recommend CMC sent to organizations, businesses and individual customers should:
– Immediately fix the security vulnerabilities of Windows servers, primarily EternalBlue vulnerability (MS17-010).
– Regularly backup the data and plans of the enterprise data backup
– Be wary of strange links. For enterprises should have a best individually to staff when they suspect mail remote unsafe.
– For individual users always install antivirus software on mobile phones and computers, especially the specialized software for data encryption malware.
By: ictnews.vn
Translated by Google