ransomware Archives

WannaCry ransomware analysis: Samples date back to at least early February 2017

May 19, 2017May 18, 2017 by Sean Whalen

VirusTotal results showing the earliest observed sample of Wannacry ransomware

The WannaCry ransomware worm has spread panic and destruction as it infects hundreds of thousands of systems around the world; a rate not seen since the Blaster and Sasser worms of 2003. WannaCry — also known as WannaCrypt, WannaCryptor, WanaCrypt0r, WCry, or WCrypt — leverages vulnerabilities that Microsoft patched in the March MS17-010 Security Bulletin, after taking the unprecedented step of canceling the February Patch Tuesday.

While collecting samples of WannaCry, I found a sample that predates the worm version. The sample was compiled on February 9th, and uploaded to VirusTotal on February 10th. While compile timestamps can be faked, the closeness to the upload date suggests that the compilation timestamp is legitimate.

HHS: Ransomware encryption of ePHI is a HIPAA breach

September 4, 2016August 23, 2016 by Sean Whalen

Colorful shelves of paperrecords at a dental clinic Credit: Tom Magliery License: CC BY-NC-SA 2.0

As a growing number of medical facilities are struck by ransomware, the US Department of Health and Human Services (HHS) has published a fact sheet describing how businesses that process electronic Protected Health Information (ePHI) should defend against and respond to ransomware.

Prevent ransomware from succeeding with strategic defense-in-depth

September 4, 2016August 22, 2016 by Sean Whalen

Thoughtfully placed countermeasures can prevent ransomware like Petya, shown in this screenshot

Ransomware has become the weapon of choice for financially motivated cybercriminals. Individuals, hospitals, businesses, schools, police departments, and government agencies have all been victims of highly disruptive ransomware, resulting in ransom payments totaling at least $24 million in 2015, according to the DoJ and DHS. It doesn’t take much to start a ransomware campaign, and the returns can be extremely high. Fortunately, the steps to prevent ransomware from succeeding are equally simple and low cost.