The attack stoked fears that the spy agency's powerful cyber weapons could now be turned to criminal use, ratcheting up cyber security threats to a whole new level. Sources have reported that computers are being locked due to these ransomware attacks in Gujarat, Mumbai, Hyderabad, Coimbatore and Bengaluru as well.
As MalwareTech noted in a blog post afterward, the ransomware was written to connect to an unregistered domain and "if the connection is not successful it ransoms the system, if it is successful the malware exits".
Microsoft issued a security update for its supported operating systems to patch the vulnerability in March, weeks before hacker group Shadow Brokers published the code of the alleged NSA tool. It also highlights the need to continually educate users about best practices to keep their data safe.
They exploited a perfect storm of factors - the Windows hole, the ability to get ransom paid in digital currency, poor security practices - but it's unclear if the payoff, at least so far, was worth the trouble.
There was no evidence on Monday of a second wave of attacks like the one that hit Friday, the BBC reports.
Experts cautioned, however, that the criminals who pushed the ransomware to the world might be able to disable the "kill" switch in future versions of their malware.
In any case, the attack has been identified by the cybersecurity firm Proofpoint.
"However, a Freedom of Information (FOI) request submitted by Motherboard to over 70 NHS Hospital Trusts revealed that thousands of NHS computers across the United Kingdom are running the outdated OS, potentially leaving confidential patient data vulnerable to attack". There are also reports of West Bengal State Electricity Distribution Company (WBSEDC) detecting the WannaCry ransomware virus on ten standalone computers.
Basic protocol such as stressing that workers shouldn't click on questionable links or open suspicious attachments can save headaches. There are jokes flooding messaging apps related to Ransomware.
The hacker group claims that it still has 75 percent of the US' cyber arsenal, and could release tools that exploit browser, router and phone vulnerabilities, as well as compromised network data from Russia, China, Iran and North Korea. But the vulnerability affected older versions of Windows that Microsoft no longer supports, and there are still many people and organizations that don't regularly patch their systems. But older systems, including Windows XP, which hasn't seen official support since 2014, were still vulnerable. He noted, however, the complexity that can be involved in patching a security hole.
Who's being targeted for blame?
For larger businesses with hundreds or thousands of employees, applying security updates organizationwide can be hard. System administrators should ensure that employees don't have unnecessary access to parts of the network that aren't critical to their work. "In many organisations, sad but true, the need for constant availability trumps security".
The security firm Kaspersky Lab, based in the Russian Federation, noted that Microsoft had repaired the software problem that allows backdoor entry into its operating systems weeks before hackers published the exploit linked to the NSA, but also said: "Unfortunately it appears that many users have not yet installed the patch". Disclosing all of them is now more clearly in America's national security and business interests. Similarly, users should "avoid revealing personal or financial information in email, and do not respond to email solicitations for this information". Be very careful when you get an email with an attachment you did not ask for. You can also protect your system by installing updated anti-virus software, which can detect whether such a virus is present in the mail.