Whether you call it WannaCry, WannaCrypt, WCrypt, Wanacrypt0r, WCry, or one of the other names currently vying for the "call me this" crown, the ubiquitous ransomware which brought portions of the UK's NHS to its knees over the weekend along with everything from train stations to ATM machines is still with us, and causing mayhem Worldwide. As a result, our regular roundup has been replaced with what will hopefully serve as a useful place to collect links related to the attack.
First thing's first: this was a big enough incident that Microsoft created a special patch for Windows XP users, some three years after it had the plug pulled on support. Regardless of Windows OS, go get your update.
Now that we have that out of the way, here's some handy links for you to get a good overview of what's been going on:
- A rundown by our good selves, detailing the spread and tactics used by this worm to deposit Ransomware globally.
- A deep dive into the Malware by one of our Malware research specialists.
- Watching the infection bounce around doctor's surgeries.
- How the purchase of a URL dealt a massive blow to the previously unstoppable spread.
- What happens when the URL purchasing White Hat is doxxed by the press.
- People are paying to retrieve files, but it seems they're taking quite a gamble.
- The Malware authors are processing decryption manually. If you pay, but they can't be bothered / their PC explodes / they're hauled off to jail, you're definitely not getting files back anytime soon.
- More problems: fake decryption tools. Misery begets misery.
- It may be down, but it most certainly isn't out with fresh infections still taking place.
- Accusations of an amateur hour operation, despite the problems caused so far.
- Another "kill-switch" domain has been registered, hoping to slow the follow-up tides of Ransomware related doom.
- The hunt is now on for the people behind it all. They've managed to annoy at least 3 major spy agencies, so good luck I guess.
- And finally...
The Malwarebytes Labs Team