This vulnerability affects most desktop and server editions of Microsoft Windows.
Many organisations and networks in over 150 countries were crippled by the recent WannaCry ransomware outbreak. Quick Heal Technologies Limited has announced that it detected over 48,000 MS17-010 Shadow Brokers exploit hits responsible for the ‘WannaCry ransomware’ outbreak in India. A dump of the exploit for the MS17-010 Windows OS vulnerability was made public by the notorious Shadow Brokers group on 14th April, 2017. Systems on which the patch update for this vulnerability had not been applied were affected by the WannaCry ransomware, which uses worm-like behaviour to affect vulnerable systems on the network.
Among the attacks attempted by the WannaCry ransomware, 60% targeted enterprises and 40% targeted individual customers. Quick Heal and its enterprise security brand, Seqrite, successfully detected this ransomware activity and cleaned the malicious file responsible for file encryption from all the attacked systems. The top five cities impacted by the WannaCry ransomware in India are Kolkata, followed by Delhi, Bhubaneshwar, Pune, and Mumbai. The top five states with maximum detections are West Bengal, Maharashtra, Gujarat, NCR (Delhi), and Odisha. The company received over 700 distress calls regarding the spread of this ransomware.
Sanjay Katkar, MD & CTO, Quick Heal Technologies Limited, said, “This ransomware outbreak has brought to the fore the importance of robust cybersecurity solutions for individuals and businesses alike. Cybercriminals are not discriminating while attacking and spreading malware. India is getting hit hard by such attacks as India has a large number of Windows users who do not have proper security patches applied and rely on inadequate internet security. Our observation is that the attack is not focused towards any particular industry but it is widely spread across industries, especially those organisations which are online and connected. In the last few days, we have received distress calls from customers belonging to verticals like education, banking, financial, manufacturing, health care and even from a few services sectors.”
Soon after the ransomware attack was spotted, Quick Heal Security Labs issued an advisory informing customers of ways to reduce the risk of infection by the WannaCry ransomware. The company recommended that all Microsoft patch updates be applied for the vulnerabilities used by this ransomware. Security software must be kept up to date with the latest signature updates. Taking regular backups of important data and periodically checking the backup restoration process is critical. Users were also advised to avoid clicking on links and opening attachments in emails from unknown and suspicious sources. Quick Heal has also organised a webinar on Wednesday, May 17th at 4 pm to educate businesses on how to protect their organisations from the WannaCry ransomware.
Earlier this month, Quick Heal Security Labs released the Quick Heal Threat Report for Q1 2017, having detected 10 new ransomware families in Q1 itself. The report had predicted the evolution of ransomware and an increase in ransomware attacks in the coming quarters.