The Day of Ransom: Mass Infection with Wana Decrypt0r
More than 60,000 computers were attacked and infected with a virus-extortionist Wana Decrypt0r. Wana Decrypt0r authors use the ETERNALBLUE exploit created by the NSA specialists for a vulnerability in SMBv1 (MS17-010) to deliver malicious code to Windows systems. The virus encrypts all files on the computer and requires a ransom of $ 300 in bitcoins. The payment has to be given in three days. Then the amount is doubled.
The group of experts on cyber security MalwareHunterTeam claims that the most affected servers in Russia and Taiwan suffered as a result of the attack. Other countries also came under attack: Great Britain, Spain, Italy, Germany, Portugal, Turkey, Ukraine, Kazakhstan, Indonesia, Vietnam, Japan and the Philippines.
Microsoft closed this vulnerability in March. But, apparently, not all had time to update their systems. You can see the real-time infection report here: https://intel.malwaretech.com/botnet/wcrypt
As a means of protection, it is recommended to update the Windows system urgently (if you did not do it for some reason), use the firewall detection and blocking tools, etc.
For example, you can do this with the following commands:
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"