Super-expensive ransomware linked to online cybercrime market, say security researchers


  • The hack targets computers worldwide running on Microsoft Windows 2003
  • It exploits a known flaw in the servers, triggering a buffer overflow
  • This allows hackers to remotely access the computer, and plant ransomware

Experts have warned that a devastating global cyber attack is imminent.

The hack, called ‘ExplodingCan’, targets computers running on Microsoft Windows 2003, which means that it could be used to attack 375,000 computers worldwide.

This puts it in the same risk category as last month’s WannaCry ransomware attack which caused mayhem around the world, crippling vital servers such as those used by the NHS.

ExplodingCan has been created by the Shadow Brokers hacking group, which was also responsible for the WannaCry attack, and attributed to an organisation linked to the NSA.

The hack targets Microsoft Windows 2003 servers running the Internet Information Services version 6.0 (IIS 6.0) web server.

According to Manchester-based security company Secarma, ExplodingCan exploits a known flaw in IIS 6.0 servers, triggering a buffer overflow.

This in turn can be used for remote access to the computer, and could allow hackers to plant ransomware in a similar fashion to the WannaCry worm.

Paul Harris, managing director of Secarma, said: ‘Ultimately this is in the same risk category as the WannaCry attacks.

‘It’s another way for cybercriminals and hacking teams to access your environment and, once they’re in, the internal parts of these systems are wide open to a variety of different attack vectors.’

And if you do find yourself a victim of the attack, not even Microsoft can help you, as the firm has declared Windows 2003 out of support.

Worldwide, there are around 375,000 IIS 6.0 servers that could be vulnerable, although an exact number is difficult to pinpoint.

Mr Harris said that Secarma couldn’t test exactly how many systems were vulnerable without breaking UK computer security laws.

But the firm has shared its findings with the UK’s National Cyber Security Centre, and is advising users to update their Windows 2003 servers.