On Friday, May 12, a massive cyberattack spread around the world’s computers. In just a few minutes, it had appeared in 99 countries, crippling the U.K. hospital system and hundreds of other systems but not doing much damage to U.S. companies.
Dubbed the WannaCry infection, it began with an attack through email, delivered as a .zip file. When people clicked on the file, it spread through internal networks using a P2P exploitation of SMB (Server Message Block) known as EternalBlue, explained ThreatTrack Security, Inc.
“The files are being dropped by a worm which abuses SMB, a network file sharing protocol. Other aspects of the malware leverage file-less exploitation techniques, and the malware is morphing rapidly in the wild with over a dozen variants seen thus far,” the company said.
The file extension used is .wncry, and the malware drops a ransomware notification named @Please_Read_Me@.txt in common file and folder locations.
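A triage sweep for the two file-system indicators named above, as an added example (not code from the article or from ThreatTrack): it walks a directory tree and reports where the .wncry extension and the @Please_Read_Me@.txt note appear, flagging directories that hold both. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the article text. Matching is case-insensitive
# because Windows file names are case-insensitive by default.
ENCRYPTED_EXT = ".wncry"
RANSOM_NOTE = "@please_read_me@.txt"

def sweep(root):
    """Walk root and return {directory: {"notes": n, "encrypted": [names]}}
    for every directory that contains at least one indicator."""
    hits = defaultdict(lambda: {"notes": 0, "encrypted": []})
    # onerror: skip unreadable directories instead of aborting the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                hits[dirpath]["notes"] += 1
            elif lower.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)

def summarize(hits):
    """Total counts, plus directories where a note sits beside .wncry files,
    which is stronger evidence than either indicator alone."""
    both = sorted(d for d, h in hits.items() if h["notes"] and h["encrypted"])
    return {
        "note_count": sum(h["notes"] for h in hits.values()),
        "encrypted_count": sum(len(h["encrypted"]) for h in hits.values()),
        "dirs_with_both": both,
    }

def build_sample_tree(root):
    """Constructed sample data: empty files that only carry indicator names."""
    layout = {
        "Documents": ["report.docx.WNCRY", "budget.xlsx.wncry", "@Please_Read_Me@.txt"],
        "Desktop": ["@Please_Read_Me@.txt"],
        "Pictures": ["holiday.jpg"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(sweep(tmp)))
```

A note without any .wncry files beside it (the Desktop directory in the sample) is still worth a look, since the article says the note is dropped in common locations rather than only next to affected files.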
Earlier this month, independent researchers scanned the internet and deemed there were 150,000 internet-accessible computers open to this vulnerability.