WannaCry ransomware hit fewer than 10 US victims, DHS says

While security experts were expecting a second wave of attacks this week, the outbreak has begun to slow.
By Jessica Davis
10:39 AM
Share
WannaCry ransomware

The U.S. Department of Homeland Security received notification from fewer than 10 U.S. victims of the WannaCry ransomware campaign that crippled the U.K. National Health Service over the weekend, according to Reuters.

No federal government agencies were affected during the attack, a DHS official told Reuters.

Globally, the WannaCry campaign hit 300,000 victims from more than 150 countries, which disrupted services at hospitals, schools, universities and major businesses. China and Russia were some of the countries hit hardest by the attacks.

[Also: WannaCry highlights worst nightmare in medical device security]

The attacks appear to be slowing down, despite many experts expecting a second wave of attacks this week. Many variants and copycat versions of the virus have appeared on the dark web in response to the successful disruption of Friday’s initial attack.

The WannaCry ransomware strain is thought to be part of April’s massive NSA leak from cybercriminal group Shadow Brokers. On Tuesday, the group threatened another massive data dump for next month that will contain web browser, router and handset exploits, as well as newer exploits of Windows 10 and compromised network data from the nuclear programs of North Korea, Russia, China and Iran.

[Also: How US healthcare spent the weekend protecting against WannaCry]

Three security firms have found connections between WannaCry and malware used by the Lazurus Group, which has ties to North Korea. Google Security researcher Neel Mehta first tweeted the connection between the code of WannaCry and Lazurus’ Contopee backdoor on May 15.

Symantec, Kaspersky Lab and BAE Systems have found similar connections in the code, language use and program type used to write the code. While this in no way confirms the association, it can’t be excluded.


  Learn more about keeping your data safe.  Webinar: Preventing and Dealing with Ransomware Attacks June 15, 2017.  Register here.


Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn