The Spanish Emergency Response Team (CERT) issued a warning on May 12 about the widespread use of the WannaCry ransomware, which affects Microsoft Windows systems (list of affected systems below). The malware, also called WCry 2.0 or WanaCrypt0r, behaves like a worm, infecting vulnerable computers that allow connections through Server Message Block (SMB) and Remote Desktop Protocol (RDP).
During the infection, the threat exploits a remote code execution vulnerability on affected systems, which allows access to the operating system without the need for authentication.
The threat actor is asking for $300 in Bitcoin to restore access to the files, and payments to the attacker's Bitcoin wallets have already been identified.
The exploit contained in WannaCry is based on ETERNALBLUE, which was part of the latest cyber weapon leak published by the Shadow Brokers group on April 14, 2017. Since its first announcement last year, the group has claimed that the arsenal was stolen from the National Security Agency (NSA).
Microsoft released a fix for the issue in a bulletin (MS17-010) that is considered severely critical and was posted on March 14, 2017.
The attacker's main advantages in this incident are that the vulnerability was identified only recently and that exploitation is network-based, so it does not depend on the user, unlike traditional phishing-based ransomware attacks.
Press reports claim that the threat has already caused serious impacts on the operation of large companies such as Telefonica in Spain and the NHS in the United Kingdom.
Considering the behavior of the threat, this is a critical issue, so we strongly recommend installing the Microsoft patches on an emergency basis.
Systems Affected
Microsoft Windows Vista SP2
Windows Server 2008 SP2 and R2 SP1
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2012 and R2
Windows 10
Windows Server 2016
IOCs (to be confirmed)
Files
mssecsvc.exe
tasksche.exe
C:\TaskData\Tor\libevent_core-2-0-5.dll
C:\TaskData\Tor\libevent-2-0-5.dll
C:\TaskData\Tor\libeay32.dll
@[email protected]
@[email protected]
00000000.res
00000000.pky
00000000.eky
m.vbs
51941494583598.bat
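One way to check a file inventory against the file indicators listed above, added here as an example and not part of the original advisory. The host names, sample paths, the `WEAK_NAMES` set and the two-indicator threshold are assumptions; the two entries the page shows as `@[email protected]` are left out because their names cannot be recovered from the page.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# File IOCs copied from the list above (the page marks them "to be confirmed").
# The two garbled "@[email protected]" entries are omitted.
IOC_NAMES = {"mssecsvc.exe", "tasksche.exe", "00000000.res", "00000000.pky",
             "00000000.eky", "m.vbs", "51941494583598.bat"}
# Listed with a full path, so matched on the full path only: a DLL name such as
# libeay32.dll also ships with legitimate software.
IOC_PATHS = {r"c:\taskdata\tor\libevent_core-2-0-5.dll",
             r"c:\taskdata\tor\libevent-2-0-5.dll",
             r"c:\taskdata\tor\libeay32.dll"}
# Assumption: names generic enough to need corroboration before escalating.
WEAK_NAMES = {"m.vbs"}

def match_ioc(path):
    """Return the matched IOC (lower-cased) or None; Windows paths ignore case."""
    p = PureWindowsPath(path.strip().strip('"'))  # also normalises '/' to '\'
    full = str(p).lower()
    if full in IOC_PATHS:
        return full
    name = p.name.lower()
    return name if name in IOC_NAMES else None

def triage(events):
    """events: iterable of (host, path). Returns {host: (verdict, sorted IOCs)}."""
    hits = defaultdict(set)
    for host, path in events:
        ioc = match_ioc(path)
        if ioc:
            hits[host].add(ioc)
    report = {}
    for host, iocs in hits.items():
        strong = iocs - WEAK_NAMES
        # Assumed threshold: two or more distinct non-generic indicators.
        verdict = "investigate" if len(strong) >= 2 else "review"
        report[host] = (verdict, sorted(iocs))
    return report

# Constructed inventory rows (host, file path); not real telemetry.
SAMPLE = [
    ("ws-014", r"C:\Windows\MSSECSVC.EXE"),
    ("ws-014", r"C:\ProgramData\abc\tasksche.exe"),
    ("ws-014", r"C:/TaskData/Tor/libeay32.dll"),
    ("ws-022", r"C:\Users\ana\scripts\m.vbs"),
    ("ws-031", r"C:\Program Files\OpenSSL\libeay32.dll"),
]

if __name__ == "__main__":
    for host, (verdict, iocs) in sorted(triage(SAMPLE).items()):
        print(host, verdict, iocs)
```

File names alone are weak evidence, which is why a single generic hit is only flagged for review and the OpenSSL copy of `libeay32.dll` is not reported at all.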
SHA256
SHA1
IPs