Kaspersky Lab has recorded more than 45,000 ransomware attacks in 74 countries around the world, mostly in Russia. The multinational cybersecurity and anti-virus provider’s Global Research and Analysis Team said that in these attacks, data is encrypted and the extension “.WCRY” is added to the filenames. The attack by the ransomware, dubbed “WannaCry,” is initiated through an SMBv2 remote code execution vulnerability in Microsoft Windows. The exploit, codenamed “EternalBlue,” was made available on the Internet through the Shadowbrokers dump on April 14, 2017, and the vulnerability was patched by Microsoft on March 14.
“It’s important to understand that while unpatched Windows computers exposing their SMB services can be remotely attacked with the ‘EternalBlue’ exploit and infected by the WannaCry ransomware,” Kaspersky Lab’s Global Research and Analysis Team noted in a web posting, “the lack of existence of this vulnerability doesn’t really prevent the ransomware component from working. Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak.” The WannaCry malware encrypts the files and also drops and executes a decryptor tool. The request for $600 in Bitcoin, a cryptocurrency, is displayed along with the wallet.