Security News Telefonica Tells Employees to Shut Down Computers Amid Massive Ransomware Outbreak

frogboy

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica — one of the country's biggest telecommunications companies — has fallen victim, and its IT staff is desperately telling employees to shut down computers and VPN connections in order to limit the ransomware's reach.

The culprit for these attacks is v2.0 of the WCry ransomware, also known as WannaCry or WanaCrypt0r ransomware.

WCry ransomware explodes in massive distribution wave
Version 1.0 of this ransomware was discovered by Malwarebytes researcher S!Ri on February 10 and then spotted in a brief campaign on March 25 by GData security researcher Karsten Hahn.

Version 2.0 was detected for the first time around four hours ago by independent security researcher MalwareHunter. The security researcher says the ransomware came out of nowhere and started spreading like wildfire.

In these first four hours, WCry 2.0 made more victims than Jaff, a ransomware spotted this week distributed via the Necurs botnet, the former home of the Locky ransomware. In numbers, in just four hours WCry made 1.5 times more victims than Jaff did all week.

Currently, researchers weren't able to pinpoint the exact origin of the WCry distribution campaign. At the moment, it could be from malvertising, exploit kits, email spam, or hand-cranked RDP attacks.

WCry outbreak making high-profile victims in Spain

Read More. Telefonica Tells Employees to Shut Down Computers Amid Massive Ransomware Outbreak
 
  • Like
Reactions: Fritz, ElectricSheep, Solarquest and 10 others
brambedkar59

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,878
It must have happened because some employee wanted to view a certain document sent to him by email claiming he got a parcel waiting for him in the local post office filled with God knows what hidden jewels:D. Just kidding.
Nowadays Ransomwares are getting pretty much the king of Malware family.
I personally don't find Ransomware that scary (because of the backups both online and offline), also maybe because I have never been hit by one till now.
What I truly find scary are the keyloggers in those damn Rootkits (worst part is that you don't even know that you have been screwed over:p). I was hit by one several years ago, and had to change every damn password I had ever used online on that pc:(
Rootkits were one of the reasons why I switched to 64 Bit OS.
 
  • Like
Reactions: ElectricSheep, Handsome Recluse, Solarquest and 9 others
N

Nuno

Level 2
Verified
Feb 26, 2016
98
Afaik the most affected countries are Spain, Portugal and the UK.
So far it's confirmed that Spanish "Telefonica", Portuguese "Portugal Telecom" and a UK Hospital were attacked. With Telefonica, the Ransomware spread to Chilean and Argentinian Telefonica subsidiaries. However, I don't think these have affected the customers in any way.
There are also rumors about it having reached several iberian banks even though it's not known for sure.
Finally I've heard some really sketchy rumors about people claiming it was putting the ATM system at risk but I don't believe that's the case.
 
  • Like
Reactions: frogboy, harlan4096, Der.Reisende and 1 other person
Winter Soldier

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
The fact is that every device connected to the Internet is a potential attack vector.
Of course the security technology exists, but only rarely it is fully used. This often depends on the availability of money to invest in infrastructure and quality, but also and especially by the “sensitivity”, towards a culture of safety and a level of awareness on the risks and threats to which the company is exposed.
The IT manager, if present, must always be "up to date" on the best strategies to adopt for the protection of data, information, networks, and systems. The companies choose in many cases to entrust their IT security to external companies but it is always more difficult to deal with advanced attack scenarios that exploit vulnerability and weakness of the individual users.
 
  • Like
Reactions: Sunshine-boy, frogboy, ElectricSheep and 3 others
brod56

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
rockstarrocks said:
It must have happened because some employee wanted to view a certain document sent to him by email claiming he got a parcel waiting for him in the local post office filled with God knows what hidden jewels:D. Just kidding.
Nowadays Ransomwares are getting pretty much the king of Malware family.
I personally don't find Ransomware that scary (because of the backups both online and offline), also maybe because I have never been hit by one till now.
What I truly find scary are the keyloggers in those damn Rootkits (worst part is that you don't even know that you have been screwed over:p). I was hit by one several years ago, and had to change every damn password I had ever used online on that pc:(
Rootkits were one of the reasons why I switched to 64 Bit OS.
Click to expand...

Joking or not, most ransomware network infections are started because someone opened a stupid e-mail :)
 
  • Like
Reactions: ElectricSheep, orphyone, askmark and 2 others
orphyone

orphyone

Level 1
Verified
May 11, 2017
25
orphyone said:
Just a thought, BTC or Bitcoin has skyrocketed to $1760.46 USD from $1200 a few weeks ago. Methinks this to be related (not NHS but outbreak on whole).

And a Bitcoin Is Now Worth...
Click to expand...

Actually the more I think about this the more it makes sense since Ransomware payments are in BTC usually, it would make sense to drive BTC up to crazy levels then carryout a huge Ransomware campaign for massive amounts more profit.
 
  • Like
Reactions: Nuno, Der.Reisende, frogboy and 1 other person
Game Of Thrones

Game Of Thrones

Level 5
Verified
Well-known
Jun 5, 2014
220
if you look at the evidence here, many security apps that rely on machine learning(I know some of the machine learning is just a hype and ad)show that they could have prevented this from happening, look at virus total even though that many companies detect without showing the detection in virus total, but even at the first stage IMO big companies like trend or Symantec that have more data to proccess than the others show promising performance in detection and prevention. specially Symantec which you can see in recent reports that they really upped their detection based on behaviour and analysis or CROWDSTRIKE , SentinelOne,... . so I think if they used something good in security industry I'm not goona say they would not be affected but the damage control was easier and the area of effect would be much less IMO.
 
  • Like
Reactions: Nuno, ttto, Der.Reisende and 2 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Applause
    • Thanks
AstraLocker ransomware shuts down and releases decryptors
Replies
1
Views
883
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
REvil ransomware gang's web sites mysteriously shut down
Replies
0
Views
1,275
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Thanks
    • +Reputation
Ziggy ransomware shuts down and releases victims' decryption keys
Replies
3
Views
1,978
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top