A large cyber-attack using a ransomware program WannaCry have reportedly infected more than 230,000 computers in 150 countries demanding ransom payments in the cryptocurrency bitcoin in three days since May 12, 2017.
According to intel.malwaretech.com, Tajikistan has also been included in the list of countries affected by the WannaCry cyber-attack. The cyber-attack reportedly infected three computers in Tajikistan demanding payment of 300 U.S. dollars.
Recall, the attack has hit companies and other organizations, from Russia to Australia, and Europol estimates there have been 200,000 victims in at least 150 countries.
The Guardian reported yesterday that the hackers remain undetected but are believed to have so far gathered only $42,000 in ransom payments from about 100 victims. This is expected to rise as the malware threatens that the ransom will double if victims fail to pay $300 in bitcoin currency within three days. It threatens files will be deleted if there is no payment within seven days.
Organizations across the globe are involved in what Europol described as a complex international investigation.
Cyber security experts say the malware could spread through computers with unpatched versions of Microsoft Windows. They have urged users to only run their computers in safe mode until they have checked that the update blocking the ransomware is installed.
WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware program targeting Microsoft Windows operating system. On Friday, May 12, 2017, a large cyber-attack using it was launched, infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin in 28 languages. The attack spreads by multiple methods, including phishing emails and on unpatched systems as a computer worm. The attack has been described by Europol as unprecedented in scale.
WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems. Although a patch to remove the underlying vulnerability for supported systems (Windows Vista and later operating systems) had been issued on March 14, 2017, delays in applying security updates and lack of support by Microsoft of legacy versions of Windows left many users vulnerable. Due to the scale of the attack, to deal with the unsupported Windows systems and in an effort to contain the spread of the ransomware, Microsoft has taken the unusual step of releasing updates for all older unsupported operating systems from Windows XP onwards.
Shortly after the attack began a researcher found an effective kill switch, which prevented many new infections, and allowed time to patch systems. This greatly slowed the spread. It was later reported that new versions that lack the kill switch were detected.
