Experts at Kaspersky Lab have analyzed data and ensured the company's protection subsystem successfully detected at least 45 thousand infection attempts in 74 countries. Russia is the country most attacked.
Ransomware will infect victims by exploiting Microsoft Windows vulnerabilities. The exploit used is called 'Eternal Blue' and is available on the internet thanks to hacking action by Shadowbrokers on April 14, 2017.
Currently, Kaspersky Lab experts are trying to find out the possibility of decrypting the data that is locked because of the attack. However, the Russian cyber and anti-virus security company has advice to reduce the risk of infection.
The first step is to install an official patch from Microsoft that closes the vulnerability used in the attack. Afterwards make sure the security solution is enabled across the network.
When using Kaspersky Lab solution, make sure the activated solution includes the System Watcher feature, a proactive behavior detection component. Run the Critical Scan process in the Kasperksy Lab solution to detect possible infection as soon as possible.
"Reboot the system after detecting MEM: Trojan.Win64.EquationDrug.gen," Kaspersky wrote. Finally, use Customer-Specific Threat Intelligence Reporting service.
For information, WannaCry enters the hacked toolkit to download data encryption software. After that malware will encrypt the file and request a ransom in Bitcoin to open it.