Did all of you catch the bit of news about the dreaded “Wanna Cry” ransom virus? Apparently it might have come from our own CIA/NSA.

Some speculation Wikileaks might be behind it…and who knows, maybe Eddie Snowden had a hand in it being released to the hackers of the world.

Hacker News. com - WannaCry Ransomeware That Is Hitting The World Right Now Uses NSA Windows Exploit

Ransomware Using NSA’s Exploit to Spread Rapidly

What’s interesting about this ransomware is that WannaCry attackers are leveraging a Windows exploit harvested from the NSA called EternalBlue, which was dumped by the Shadow Brokers hacking group over a month ago.

Microsoft released a patch for the vulnerability in March (MS17-010), but many users and organizations who did not patch their systems are open to attacks.

The exploit has the capability to penetrate into machines running unpatched version of Windows XP through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server. This is why WannaCry campaign is spreading at an astonishing pace.

Once a single computer in your organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers and infects them as well.

“The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers. This activity results in large SMB traffic from the infected host” Microsoft says.

Infections from All Around the World