Cyberattack details
Wanna Cry works by encrypting all the data on a computer system by changing file extension names to '.WNCRY'. The malware then displays a window informing users that their files have been encrypted and that they can be recovered in lieu of a payment made in bitcoin. The window is accompanied by two timers - one counting down to a certain time after which the ransom amount will be raised while the other warns of the time after which users' files will be gone for good.
Interestingly, Microsoft released a patch for the EternalBlue exploit just a few weeks before Shadow Brokers made the NSA-developed vulnerability's existence public. However, it is possible that several computers around the world, most likely including the ones targeted in yesterday's cyberattack, had failed to update their systems with the Microsoft patch.
Responding to Friday's cyberattack, Reuters reported Microsoft saying that it was pushing out automatic updates to defend Windows systems from the Wanna Cry attack.
"Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt," a Microsoft spokesman said in a statement. more