A cybersecurity bomb unleashed a massive ransomware campaign affecting 200,000 computers and numerous organizations, with thousands of infections in more than 150 countries including the United States, United Kingdom, and Russia.

The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, discovered May 12, 2017, by an independent security researcher, spread quickly and led to ransom demands of 0.1781 bitcoins, or roughly $300 U.S.

The worm attacks Windows vulnerabilities, including on medical devices and ATMs still using Windows XP. Among the organizations reportedly hit were FedEx in the United States, the Spanish telecom giant Telefónica, French automaker Renault, Chinese universities, Germany’s railway system, Russia’s interior ministry, and ATMs in India. The most disruptive attacks targeted Britain’s public health system, resulting in rescheduled surgeries and some patients being declined emergency room care.

The software, which can run in as many as 27 different languages, prompted an alert from the Department of Homeland Security through the United States Computer Emergency Readiness Team.

According to DHS and CERT, reports indicated the hacker or hacking group behind the campaign gained access to enterprise servers either through Remote Desktop Protocol compromise or through the exploitation of a critical Windows Server Message Block vulnerability. Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. Additionally, Microsoft released patches for Windows XP, Windows 8, and Windows Server 2003 operating systems on May 13, 2017.

Reports placed attack responsibility with The Shadow Brokers, which reportedly obtained and dumped National Security Agency spyware over the past year.

“The latest Shadow Brokers' release was probably the most high-impact exploit drop we've seen in the last several years,” Mike Cotton, vice president, research and development for cybersecurity firm Digital Defense, suggested. “While earlier leaks from the Shadow Brokers focused on less common device services and third-party software, the exploit drop released in April targeted core Windows operating system services and were likely among the crown jewels of the NSA toolkits.”

Cotton explained the ETERNALBLUE exploit developed by the NSA allows for reliable remote compromise of a wide variety of Windows server and client systems using nothing but network access as a precondition. “It will remain one of the most heavily used exploits in attacker toolkits for years to come.”

Phillip Hallam-Baker, principal scientist, global cybersecurity firm Comodo, said, “Ransomware is following the same trajectory as phishing. The criminals have worked out how to monetize the crime, and they know which types of business are likely to pay up, and how to collect the money without being caught.”

Hallam-Baker added it appears that the CIA breach accelerated the process. “Instead of having to develop their own zero-day attacks, the criminals have use of an arsenal developed by experts at developing cyber-weapons.”

“The U.S. government clearly had its priorities wrong,” Hallam-Baker exclaimed. “Whether or not you think the U.S. government should be spending a fortune developing such cyberweapons, surely it is obvious that the weapons they develop should be properly secured.”

Ransomware exists for the same reason other viruses exist, money, John Christly, Global CISO, Netsurion, a provider of remotely-managed security services and EventTracker, a SIEM provider, expressed. “It is designed to prey upon the unsuspecting, but rather than suck data out of a network, it cuts to the chase and asks for the cash up front.”

Christly also suggested, “We know that hackers are in constant pursuit of highly sensitive, personal data and that they are equipped with sophisticated methods to gain access to it. We also know that ransomware is now an unfortunately uncommon attack trend that cripples systems, even critical ones in hospitals, solely so the hackers can collect a profit with minimal effort.”

“And then there is victim blaming, because auto-updates were turned off which would have fixed this two months ago. Enough blame to go around for everyone. Ultimately this is a shared responsibility, but IT people are carrying the heavy load here and often do not get enough budget to get the job done right,” Stu Sjouwerman, founder and CEO of the Tampa Bay, Fla.-based cybersecurity firm KnowBe4, noted.

Sjouwerman said, “Predictions are the infection is going to get worse, because now machines will be turned on that aren't patched.”
