Cyber-attack hits 74 countries with UK hospitals among targets – live updates
Yeah, they're saying it's from one of the NSA/shadowbrokers dumps. So some sort of legit exploit. But, as mentioned, most of them were patched a while ago anyway, so I heard.
So it's a matter of not updating. Guessing at a lot of the targets, I wouldn't be surprised if they were still running XP (like the large supermarket chain I work for. Fun times ahead!)
Some Krebs for further info
An alert published by Spain’s national computer emergency response team (CCN-CERT) suggested that the reason for the rapid spread of Wana Decryptor is that it is leveraging a software vulnerability in Windows computers that Microsoft patched in March.
According to CCN-CERT, that flaw is MS17-010, a vulnerability in the Windows Server Message Block (SMB) service, which Windows computers rely upon to share files and printers across a local network. Malware that exploits SMB flaws could be extremely dangerous inside of corporate networks because the file-sharing component may help the ransomware spread rapidly from one infected machine to another.
It's early days but it looks like it did get in via email initially. Which is something of a relief I guess. What we're left with is why this sudden explosion? That'll be interesting.
Telling people not to open attachments is such a hard lesson sometimes though. In an office environment you can be strict. But other people, it's so much tougher. My mum and her friends forward around glurgey cat slideshows and motivational messages like it's 2003 all the time and she's got caught once or twice. The question becomes "I thought you just don't open unknown things from the bank? Why would Jill send me something bad?". And you have to explain that Jill might not know it's bad, or Jill might not even know at all, or it might not even be Jill. There are telltale signs if you know what to look for, but when people are sending random stuff to each other all the time and all addresses are merely different kinds of meaningless gibberish to someone, it's a hard problem.
As some security wonks pointed out, this thing 'going viral' is going to backfire in a big way. Ransomware works by staying off the radar. Plenty of these places have been paying off these types of attacks pretty regularly for a while. But as long as it was just a couple of machines in one little business or doctor's surgery or whatever, it wasn't worth anyone's while to chase down whoever is getting the bitcoins in any one case. The more sparse and individual the attacks, the harder it was for law enforcement to build up a solid picture too. Now friggen' everyone is gunning for these guys. Like, the entire world's security services at once.
There's always someone to blame in hospital admin for something.
Because they're awful.
Now as for the situation at hand.
"Today’s Massive Ransomware Attack Was Mostly Preventable—Here’s How To Avoid It"
That's common fucking sense at this point really. It's amazing how many people ignore that one.
Also, I updated my PC a few days ago so it looks like I'm safe.