70%+ of US Wanna Cry Malware Exposure Linked to 35 ISPs

35 Companies Could Stop 70% of U.S. Vulnerability to Wanna Cry & Double Pulsar Attacks

Wanna Cry is the malware that encrypts a target's machine and spreads from computer to computer using a leaked NSA exploit. The number of compromised U.S. targets more than doubled from Monday to Tuesday of this week. The exploit, code named Double Pulsar, allows for attack and practically automated compromise of any unpatched target computer within range that has port 445 open.

Further dissemination of this malware could be largely contained if the following 35 Internet Service Providers / web hosts took proactive measures to shut down communications on the vulnerable ports of their clients, who may be completely unaware that their hosted computers are vulnerable to attack or possibly even compromised already.

If you know anyone at these Internet Service Providers or web hosts, please share this with them and let them know they should check shodan.io and query port 445 to see which of their machines have their shields turned off to this relatively automatic compromise vector. The issue isn’t just the Wanna Cry malware but, more so, the ease of exploiting port 445 to permanently take over a machine without any action required by the victim, and then silently persist. Unbeknownst to the user or IT staff, an infection could remain well past remediation of the encrypted, lost files if the malware attack is combined with other leaked cyber weapons such as the Hacking Team’s Remote Control Systems or the CIA’s After Midnight, both of which have leaked and been disseminated to the bad guys.

The leaked cyber weapons allow a computer, tablet or smartphone to be compromised in its on-board hardware components, such that even completely reformatting and reloading the operating system, or doing the same on a new hard drive, does not remove the hardware-based rootkit.

Here is the list I compiled as of this morning for all U.S. computers reported by Shodan.io with the vulnerable port 445 exposed publicly.

Top 35 Hosts / ISPs with Largest Number of Computers Exposing Port 445

| ISP / Web Host | Computers With Port 445 Open | % of U.S. Total |
|---|---|---|
| Enzu | 74,103 | 14.84% |
| CloudRadium L.L.C | 42,746 | 8.56% |
| Nobis Technology Group, LLC | 35,449 | 7.10% |
| SpeedVM Network Group LLC | 30,547 | 6.12% |
| Psychz Networks | 25,411 | 5.09% |
| Global Frag Networks | 17,710 | 3.55% |
| EGIHosting | 13,621 | 2.73% |
| ColoCrossing | 13,176 | 2.64% |
| Peg Tech | 12,435 | 2.49% |
| Amazon.com | 10,200 | 2.04% |
| SoftLayer Technologies | 7,293 | 1.46% |
| Take 2 Hosting | 6,392 | 1.28% |
| QuadraNet | 6,094 | 1.22% |
| Ubiquity Server Solutions Los Angeles | 5,964 | 1.19% |
| YHSRV | 5,695 | 1.14% |
| Microsoft Azure | 5,462 | 1.09% |
| Heng Tong | 4,722 | 0.95% |
| Zenlayer | 4,662 | 0.93% |
| Sun Network (Hong Kong) Limited | 4,018 | 0.80% |
| SingleHop | 3,006 | 0.60% |
| eSited Solutions | 2,955 | 0.59% |
| Krypt Technologies | 2,795 | 0.56% |
| Time Warner Cable | 2,700 | 0.54% |
| University of Washington | 2,451 | 0.49% |
| Sharktech | 2,392 | 0.48% |
| Cox Communications | 2,184 | 0.44% |
| MegaPath Corporation | 2,077 | 0.42% |
| Alibaba | 1,970 | 0.39% |
| Limestone Networks | 1,862 | 0.37% |
| Fairpoint Communications | 1,772 | 0.35% |
| CenturyLink | 1,360 | 0.27% |
| Cloudddos Technology Co.,limited | 1,179 | 0.24% |
| WholeSale Internet | 1,162 | 0.23% |
| All Other ISP Web Hosts | 143,837 | 28.80% |
| Total Computers Exposing Port 445 in US | 499,402 | 100.00% |

* Data captured from shodan.io as of 5/17/2017 8:30 AM CST
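
For a provider acting on the advice above, one way to turn a Shodan export for port 445 into a per-customer notification list. This is an added example, not part of the original post: the `ip_str` and `port` fields follow Shodan's banner format, while the sample records, the allocation table and the function name are constructed for illustration.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample: Shodan-style banner records, one JSON object per line.
# Addresses come from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_EXPORT = """\
{"ip_str": "198.51.100.10", "port": 445, "org": "Example Hosting"}
{"ip_str": "198.51.100.10", "port": 445, "org": "Example Hosting"}
{"ip_str": "198.51.100.77", "port": 3389, "org": "Example Hosting"}
{"ip_str": "198.51.100.130", "port": 445, "org": "Example Hosting"}
{"ip_str": "203.0.113.5", "port": 445, "org": "Example Hosting"}
{"ip_str": "192.0.2.9", "port": 445, "org": "Someone Else"}
truncated or non-JSON line
"""

# Hypothetical provider allocation table: prefix -> customer account.
ALLOCATIONS = {
    "198.51.100.0/24": "shared-pool",
    "198.51.100.128/25": "customer-A",
    "203.0.113.0/28": "customer-B",
}

def exposed_by_customer(export_text, allocations, port=445):
    """Map each customer to the sorted, de-duplicated IPs exposing `port`."""
    # Most specific prefix first, so a sub-allocation wins over its parent block.
    nets = sorted(((ipaddress.ip_network(p), who) for p, who in allocations.items()),
                  key=lambda t: t[0].prefixlen, reverse=True)
    hits = defaultdict(set)
    for line in export_text.splitlines():
        try:
            rec = json.loads(line)
            if rec["port"] != port:
                continue
            ip = ipaddress.ip_address(rec["ip_str"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
        owner = next((who for net, who in nets if ip in net), None)
        if owner is not None:  # addresses outside our allocations are not ours
            hits[owner].add(ip)
    return {who: [str(a) for a in sorted(ips, key=lambda a: (a.version, int(a)))]
            for who, ips in hits.items()}

if __name__ == "__main__":
    for customer, ips in exposed_by_customer(SAMPLE_EXPORT, ALLOCATIONS).items():
        print(f"{customer}: {len(ips)} host(s) exposing 445 -> {', '.join(ips)}")
```
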
