1.) First ransomware attack May 12th 2017.
2.) It used an SMB vulnerability to spread inside networks.
3.) The vulnerability was patched by Microsoft.
4.) The exploit known under the name “ ETERNAL BLUE” , was released as part of a leak of NSA tools.
5.) Thousands of computers were affected all over the world in various different kinds of organizations as well some home users.
6.) This attack spread through Emails and Exposed port 445 running SMB ( File Share Windows ).
7.) Files were encrypted.
8.) The ransomware will also install a backdoor to access the system remotely via port 445 ( Double Pulsar , also part of the NSA tool set ).
We received a notification from a user , that a computer is infected with ransomware and the screen shows a message requesting a ransom payment.