WCry, WannaCry, Wana Decrypt0r. I’m sure at this point you’ve heard something about what the industry has dubbed the largest crypto ransomware outbreak in history. Following its debut yesterday afternoon, a lot of facts have been flying around. Here’s what we know, and don’t know.
WCry has currently made a measly $25,000.
The spread of WCry was slowed by the actions of an “accidental hero” who registered a “killswitch” domain name he found in the code.
But it only takes a small edit of that code and a re-release to get the thing spreading like wildfire again.
It’s been featured in many public places, such as a train station in Frankfurt…
…in high street stores…
…and in academia.
It is reportedly super-easy to reverse engineer.
Microsoft has released a patch for Windows XP because of this malware…
…to the relief of many…
…including the guys running the Trident program.
Even Microsoft haven’t figured out the initial entry vector.
In case you were wondering, yes, F-Secure’s products block the WCry ransomware trojan. In fact, we block multiple mechanisms in the infection vector. Here are the WCry-associated detection names our systems have reported so far:
Here’s where we’ve been blocking it.
As a final note, the usual advice still applies. Patch your systems. Don’t run XP. And don’t click “enable content”.
You can also check out our other blog post about this outbreak.