Other affected companies are starting to pay the ransomware ransomware

A while ago the CCN-CERT (national cryptographic center) reported a massive ransomware attack that is affecting a large number of Spanish organizations. This rawswere affects Windows systems by encrypting all its files and those of the network drives to which they are connected, and infecting the rest of Windows systems on the same network.

Other affected companies are starting to pay the ransomware ransomware.

The ransomware is a version of WannaCry that infects the machine by encrypting all its files. This is possible since it uses a remote command execution vulnerability through SMB and it is distributed to the rest of Windows machines that are on the same network.

The affected systems are:

Microsoft Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2012 and R2 Windows 10 Windows Server 2016

Are there people who are paying the ransoms?

It seems that yes, we are seeing a lot of movement in the Blockchain. We have had access to information about the portfolio to which the Bitcoins payment must be sent, which appears in the source code:

We have visited blockchain.info and we have found a total of 5 payments to that bitcoin portfolio worth $ 1, 565.30.

What is the current number of attacks?

According to information from Avast they have detected more than 30, 000 attacks worldwide, the red zones are the most affected, but this infection continues to grow.

We know that many companies or individuals are suffering an attack on port 445, which is the samba port in Windows and that is used to share files on the network.

Here you can see some reports of the Firefaware where we can see that the vulnerability that is being exploited Eternalblue that was an exploit of the nsa that was released by Shadow Brokers. Exactly for this attack an improved version of it is being used.