WannaCrypt

The WannaCrypt ransomware worm is currently running wild across the globe, infecting hospitals, businesses, rail stations, universities and telecommunications providers.

Microsoft has released emergency security patches to defend against the malware for unsupported versions of Windows XP, Server 2003 and other Windows builds. XP and Server 2003 have been out of support for some time now, but many businesses have not upgraded or migrated to a supported platform.

WannaCrypt installs itself on vulnerable Windows systems by exploiting a vulnerability in Microsoft's file-sharing services. The vulnerability, MS17-010, fixed in more modern versions of Windows, renders any unpatched system vulnerable. Once a system is infected, the malware spreads in the form of a worm across networks.

The NSA secretly exploited this bug to spy on and control systems belonging to its targets. It developed a tool to do this, codenamed Eternalblue, and this tool was stolen from the agency and leaked online earlier this year. Using this tool, the perpetrator has created a variant of the WannaCrypt ransomware which, once activated on a system, encrypts as many files as possible and demands a ransom of $300/$600 to decrypt the documents.

Another twist is that the malware installs Tor and a tool called Doublepulsar, which acts as a remote access mechanism. This tool was also stolen from the NSA!


Monikaben Lala

Chief Marketing Officer | Product MVP Expert | Cyber Security Enthusiast | @ GITEX DUBAI in October

2 weeks

Phil, thanks for sharing!

Warren J.

Strategic leader in program, product and project management | Expertise in IT, governance, risk and compliance | FBCS CITP CISM FIP AIGP CIPP-E CIPM CIPT CSM ITIL Prince2

7 years

Worth noting that Talos strongly urges anyone who has been compromised to avoid paying the ransom if possible, as paying the ransom directly funds development of these malicious campaigns. Also worthwhile considering blocking connections to TOR nodes and TOR traffic on the network. Talos explain the code side very well here: https://blog.talosintelligence.com/2017/05/wannacry.html
