Yet Another Ransomware Attack

Tuesday saw a second major malware attack in as many months, affecting several countries, dozens of major companies, and thousands of machines.  And nobody believes it will get better any time soon.

If this malware attack sounds like last month's WannaCry ransomware attack, that's because it is. Just like WannaCry, this cyber ambush uses the same backdoor exploit developed by the U.S. National Security Agency, an exploit known as EternalBlue, which malware programmers have modified so that it not only spreads and infects computers but also encrypts the data on vulnerable machines. And as ransomware pirates do, the creators of WannaCry and the currently circulating malware demand ransom in exchange for the key to decrypt an infected machine's encrypted data.

There are differences between the two programs. Unlike WannaCry, which only encrypts files, this new malware encrypts the entire hard drive, including the boot blocks, rendering the computer useless after a reboot. Another difference is that, unlike WannaCry, the new variant scans only network shares on the local network, not the entire internet.

What you can do to prepare for this and further attacks:

  1. Don't panic.
  2. If you are running Windows, make sure your machine is patched up to date (and rebooted after the patches are applied).
  3. Make sure you have backups of your files somewhere safe.
  4. If infected, don't pay the ransom.

Contact the CNS OIT Help Desk at https://cns.utexas.edu/help/ if you have questions, need help, or want to verify your patch or backup status.

Written by CNS OIT staff