GLOBAL CYBERATTACK: MORE THAN 50,000 CASES DETECTED IN COLOMBIA, ECUADOR, CHILE, BRAZIL, AND ARGENTINA

The ransomware that today infected a significant number of companies and organizations in more than 70 countries, including Argentina, "is spreading rapidly, with more than 50,000 attacks recorded to date," and exposes the lack of awareness that exists about the security of public infrastructures, according to specialists.

"Today, we have observed a large-scale attack by the WanaCrypt0r 2.0 ransomware (known as WCry), with more than 57,000 cases detected so far. According to the data collected, the cyberattack is aimed mainly at Russia, Ukraine and Taiwan, but it has also managed to infect very important institutions, such as many hospitals in England and the Spanish telecommunications company Telefónica," said Jakub Kroustek, a specialist at the company Avast.

The ransomware that today infected a significant number of companies and organizations in more than 70 countries, including Argentina, "is spreading. rapidly, with more than 50,000 attacks recorded so far", and exposes the lack of awareness that exists about the security of public infrastructures, according to specialists.

"Today, we have observed a large-scale attack by the WanaCrypt0r 2.0 ransomware (known as WCry), with more than 57,000 cases detected so far. According to the data collected, the cyberattack is mainly directed at Russia, Ukraine. and Taiwan, but it has also managed to infect very important institutions, such as many hospitals in England and the Spanish telecommunications company Telefónica," said Jakub Kroustek, a specialist at Avast.

As he explained in a report, "the first version of the WanaCrypt0r virus appeared in February, and is now available in 28 languages, from Bulgarian to Vietnamese."
"Today at 8 am in Central Europe (4 am in Argentina), we noticed an increase in the activity of this strain, which quickly transformed into a massive attack starting at 10 am," explained Kroustek.

Ransomware is a type of malicious code that, once it infects the device it is directed against, encrypts the information - files, texts, photos - and asks the victim to pay a "ransom" to decrypt it, usually through bitcoins.

In the case of WCry, when you turn on an infected computer, a message appears with instructions to pay the $300 ransom, an explanation of what happened and a countdown timer is displayed in what the cybercriminals responsible for the attack call "Wana Decrypt0r 2.0", said the Avast specialist.

The Avast report attributed the spread of this ransomware to tools developed by the National Security Agency. Security of the United States (NSA), which were stolen by "a hacker group called ShadowBrokers", which then disseminated them.

The existence of the Windows vulnerability - which the NSA took advantage of to spy - had been announced in March by Wikileaks, after which Microsoft released an insufficient security patch.

"Wikileaks is giving the world a weapon. It is also part of the entire leak that (former intelligence agent Edward) made. Snowden, with the NSA tools, which many people use. And although Microsoft patched it, that does not guarantee that it has been updated. Apparently the NSA had a hold on us all. We are looking at the past," Alexis Sarghel, a cybersecurity researcher, analyzed in dialogue.

As he explained, the power of this attack lies in the fact that "techniques and tools were added, and that was what made it so massive."

The specialist stated that It is "the largest attack known so far, at least what is public," and he announced that what was seen today "is not going to be the last: now in Chile and Brazil they are receiving notifications like crazy."

WCry hit hard in "Colombia, Ecuador, Chile and Brazil. And not all users report," Sarghel continued: "It is affecting a lot in neighboring countries while here they don't say anything." botnet - a network of infected devices -, so it is not possible to know where it comes from: "Who has control? It is not known, because the IPs (of the previously infected machines) can be directed from anywhere," he explained, and said that this type of platforms are sold on the deep web (or deep web) to the highest bidder.

For Sarghel, the most serious thing is the lack of awareness regarding critical infrastructure systems: "If large hospitals like the English ones do not take precautions, it is because there is still no awareness. If you have critical systems connected to the Internet, such as hospitals, it is already bad," he said, referring to the 16 British health centers affected today.