The WannaCry ransomware attack that spread around the globe over the weekend didn’t affect MENA region. Although security experts say the malware could still spread, most of the known victims are in Europe. Russia seems to have been the hardest hit with over 70% of targets known so far.
Meanwhile, medical operations at UK’s National Health Service (NHS) were disrupted as the organizations reeled from a large-scale attack on its IT systems.
The attack began on Friday when cyber-criminals tricked victims into opening malicious malware attachments to spam emails that appeared to contain legitimate invoices, job offers, security warnings etc., or what is known as social engineering. The ransomware encrypted data on victim computers, demanding payments of $300 to $600 to restore access.
According to a detailed write-up on the Wana ransomware published Friday by security firm Redsocks, Wana contains three bitcoin payment addresses that are hard-coded into the malware. One of the nice things about Bitcoin is that anyone can view all of the historic transactions tied a given Bitcoin payment address. As a result, it’s possible to tell how much the criminals at the helm of this crimeware spree have made so far and how many victims have paid the ransom.
A review of the three payment addresses hard-coded into the Wana ransomware strain indicates that these accounts to date have received 100 payments totaling slightly more than 15 Bitcoins — or approximately $26,148 at the current Bitcoin-to-dollars exchange rate.
The exploit was patched by Microsoft on March 14. It appears however that many organizations have not yet installed the patch.
The attackers seem to have employed hacking stolen from the U.S. National Security Agency and leaked by the Shadow Brokers group earlier this year.