New WannaCry Ransomware Attack Cripples Companies and Agencies Across the World

It seems impossible that just a few weeks after the WannaCry Ransomware debacle in May there could be another serious compromise leveraging the same exploit. 

That’s right. Researchers say last Tuesday’s attacks used a Windows flaw called EternalBlue to spread through corporate networks. WannaCry also leveraged the EternalBlue exploit, which was leaked as part of a trove of hacking tools believed to belong to the NSA. Microsoft issued patches for the exploits back in March.

Microsoft said it found that the ransomware is using multiple techniques to spread, including one that was addressed by the security patch released in March. It is continuing to investigate.

Here’s what I want to know

We have known vulnerabilities and exposure points within our infrastructures and yet organizations continue to fail to do the obvious. Why? Why would we not prevent the known bad?

This is the easy part of cybersecurity. No analysis. No Zero Day. No discerning how they will get in. No fancy tools or security products to protect. Just patch your systems for the known vulnerabilities.

Here at UTG we are adamant about patching, testing and training. We believe we can mitigate 95-98% of your risk with this approach.

More info on the attack

Affected companies include:

  • British advertising agency WPP (WPPGY)
  • Russian oil and gas giant Rosneft
  • Russia’s Chernobyl nuclear power plant
  • Global shipping company FedEx
  • Danish shipping firm Maersk
  • U.S.-based pharmaceutical company Merck (MRK)
  • Global snack company Mondelez (MDLZ, owns Oreos, Cadbury and many more)

The Moscow-based cybersecurity firm, Group IB, estimated last Tuesday that the virus affected about 80 companies in Russia and Ukraine and confirmed the ransomware infects and locks a computer, and then demands a $300 ransom to be paid in Bitcoins.

According to Cisco Talos, the ransomware initially infected MeDoc, a piece of Ukrainian accounting software. MeDoc then sent an infected file to customers. It spread to other computers on companies’ networks by leveraging software holes (that are patchable, mind you). This ransomware was much more advanced than WannaCry, according to Craig Williams, senior tech lead and security outreach manager at Cisco Talos.

Although Ukrainian officials confirmed a possible link to MeDoc, the company denied its software spread the infection, saying in a Facebook post that an update sent out last week was free of viruses.


Brian Miller


Brian was co-founder and president of United Technology Group, LLC (UTG), acquired by Coretelligent in 2019. As the SVP of Business Development for the Southern Region, he leads our sales efforts in this crucial geographic region. Brian’s background consists of leadership roles in sales, marketing and business development.
