Kaspersky Lab researchers have analyzed the data and are able to confirm that the company's protection subsystems have detected at least 45, infection attempts in 74 shadow brokers bitcoin wallet, most of them in Russia.
Romania is among the 10 most affected countries. The ransomware program infects victims by taking advantage of a Microsoft Windows vulnerability described and resolved in Microsoft Security Bulletin MS The exploited exploitation, "Eternal Blue," was revealed in Shadowbrokers case on April Once they get into the system, attackers install a rootkit, which allows them to download the program to encrypt the data.
The malware encrypts files. Subsequently, there is a message asking for USD in Bitcoin, and the wallet, and the ransom increases over time," the quoted release said.
According to Kaspersky Lab experts, they are currently trying to determine if it is possible to decrypt encrypted data during the attack to develop a decryption tool as soon as possible.
In this context, the cyber security solution developer recommends a series of steps to reduce the risk of device malware such as: installing the official patch from Microsoft that solves the vulnerability used in this attack, activating security solutions at each network node, terminal scanning, system reboot procedure, if MEM is detected: Trojan.
The Romanian National Computer Security Incident Response Team CERT-RO announced on Saturday that a total of 10 Windows operating systems and servers are vulnerable to the new version of the "WannaCry" ransomware threat, which has led to numerous technical problems over the last 24 hours in several organizations and institutions around the world. It is forbidden to copy, reproduce, recompile, decompile, distribute, publish, display, modify, create derived components or products or full services, as well as any exploitation of the site's content.