A massive ransomware attack has been encrypting people's files with abandon all over the world today. Over 1000 organizations have been affected so far including the British NHS and Fedex. Researchers writing about the Wcry ransomware that is delivered in the attack claim that the delivery mechanism is part of the leaked NSA toolkit stolen by the hacking group The Shadow Brokers. The exploit leverages a vulnerability in the Microsoft Windows OS that was patched in March of this year.

A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent ShadowBrokers dump.

Researchers at Kaspersky Lab said the attackers behind today’s outbreak of WannaCry ransomware are using EternalBlue, the codename for an exploit made public by the mysterious group that is in possession of offensive hacking tools allegedly developed by the NSA.


EternalBlue is a remote code execution attack taking advantage of a SMBv1 vulnerability in Windows. Microsoft patched the vulnerability on March 14, one month before the exploit was publicly leaked. Spain’s Computer Emergency Response Team, Kaspersky Lab, and others are recommending organizations install MS17-010 immediately on all unpatched Windows machines....
https://threatpost.com/leaked-nsa-ex...ldwide/125654/

If you have not patched your Windows machines, now it the time to get it done. Also, if you are not sure of the provenance of an email or are not sure if you should click links in an email, don't.

Safe surfing all.