A few weeks ago, on Monday 4th November 2019, Spain was hit by a wave of ransomware attacks.
Victims included national radio station SER, and major IT consultancy Everis.
The attackers reportedly asked Everis for a €750,000 ransom to get a decryption key to unlock their files.
BlueKeep exploit to blame?
It is believed that the attack involved the exploitation of the so-called BlueKeep vulnerability, which we reported on back in July.
First announced by Microsoft in May, BlueKeep can be exploited to trigger remote code execution on targeted systems, then drop malware such as ransomware or cryptominers. At the time, Microsoft took the unusual step of releasing patches for unsupported platforms, saying “Given the potential impact to customers and their businesses, we made the decision to make security updates available for platforms that are no longer in mainstream support”.
So, why is BlueKeep still a threat?
Well, since May, related BlueKeep security vulnerabilities have been reported to affect newer Windows versions, including Windows 7 and Windows 10, as well as the older versions.
Then, in September, it was announced that a Metasploit exploit for BlueKeep had been released publicly. (The Metasploit framework is a very powerful tool, designed for use by ethical hackers to probe networks and servers for vulnerabilities, but it can be used by cybercriminals as well.)
How to stay safe
Because this vulnerability has the potential to cause large-scale disruption (similar to the WannaCry attack in 2017), and is being taken very seriously by both Microsoft and governments around the world, it is worthy of your attention too.
The best things you can do to protect your computers are:
- use supported software
- make sure that you keep up to date with new security patches as they come out.
datamills customers using our baseline Secure services are protected by several advanced technologies at multiple attack stages. These detect and help to block BlueKeep exploit attempts, putting you in the best position for keeping your system safe.
If you don’t have security in place, give us a call (0114 287 0510) to chat about it – we can offer a free half-hour assessment, and will be only too pleased to see how we can help.