Ransomware based on leaked NSA tools spreads to dozens of countries

A ransomware attack seemingly based on leaked NSA hacking tools is spreading like wildfire among unpatched Windows systems worldwide. Early reports suggested it was targeted at the UK’s National Health Service, but it’s clear now that the attack is a global one, with thousands of computers apparently affected in Russia alone.

A Kaspersky lab analysis puts the number of infected computers at more than 45,000 as of early Friday afternoon, the vast majority of which are Russian (Ukraine, India, and Taiwan follow). The ransomware’s code makes it pretty clear that it’s taking advantage of an exploit called EternalBlue, published in April by the Shadow Brokers but patched preemptively by Microsoft in March.

More information can be viewed at the following links:

1. Ransomware based on leaked NSA tools spreads to dozens of countries

2. How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server