Website Design | Web Design | Custom Website Design | Website Application Development | Web Development | Software Development
Back to Home
We are aware of a widespread ransomware attack which is affecting
several IT organizations in multiple countries. A new ransomware attack
called Wanna (also known as WannaCry, WCry, WanaCrypt, WanaCrypt0r and
Wana DeCrypt0r) is encrypting files and changing the extensions to:
.wnry, .wcry, .wncry and .wncrypt. The malware then presents a window
to the user with a ransom demand.
The ransomware spreads rapidly, like a worm, by exploiting a Windows
vulnerability in the Windows Server Message Block (SMB) service, which
Windows computers use to share files and printers across local networks.
Microsoft addressed the issue in its MS17-010 bulletin.
Analysis seems to confirm that the attack was launched using suspected
NSA code leaked by a group of hackers known as the Shadow Brokers. It
uses a variant of the ShadowBrokers APT EternalBlue Exploit (CC-1353).
It uses strong encryption on files such as documents, images, and
Sophos Customers using Intercept X and Sophos EXP products will also see
this ransomware blocked by CryptoGuard. Please note that while Intercept
X and EXP will block the underlying behavior and restore deleted or
encrypted files in all cases we have seen, the offending ransomware
splashscreen and note may still appear.
What is Wanna Ransomware?
A new ransomware attack called 'Wanna' (also known as WannaCry, WCry,
WanaCrypt, WanaCrypt0r, or Wanna Decrypt0r) is encrypting files and
changing the extensions to: .wnry, .wcry, .wncry and .wncrypt.
For the latest information about how to stay protected, refer to the
Sophos Knowledge Base article.
For additional information on this attack see the Sophos News blog