“WannaCry” first discovered on Friday, May 12th2017, had spread to an estimated 57,000 computers in more than 150 different countries around the world by the end of the day. Some experts said the threat had receded as of Sunday, in part because “MalwareTech” registered a domain that he noticed the malware was trying to connect to, limiting Wanna Cry’s spread. Microsoft also issued emergency security patches for a range of Windows versions. But the Hackers updated the software to another variant which spreads more rapidly and creating more havoc. Infact, second variant doesn’t have a kill switch and is responsible for 50% of all attacks .Last week, an unprecedented malware attack began sweeping the globe and the most severe malware attack so far in 2017. A new ransomeware called ‘Wannacry’ or ‘Wannacrypt’ has attacked a few big countries with Russia, Ukraine, and Taiwan being the top targets and created havoc by targeting sensitive industries like healthcare, banks. This is a scary type of trojan virus called “ransomware”, the virus in effect holds the infected computer hostage and demands that the victim pay a ransom in order to regain access to the files on his or her computer.
Let’s see, what is ransomeware wannacry. “Ransome” means a sum of money demanded or paid for the release of a captive. Ransomware is a malicious software that locks a connected device, such as a computer, tablet or smartphone and then demands a ransom to unlock it. The WanaCrypt 0r 2.0 bug, for instance, wants $300 to be paid in Bitcoins to unlock the affected computers. However, paying the ransom is no guarantee for getting the files will be restored and might just open up new attacks.
WannaCry works by encrypting most or even all of the files on a user’s computer. The software demands that a ransom be paid in order to have the files decrypted. The biggest threat with ‘Wannacry’ is that it’s more than just a ransomware; it can also be classified as a worm. Being a worm, the ransomware has the ability to spread to different systems running on the same LAN network or even spread through emails.
The purpose of a ransomware attack is to extort money from victims. It is a powerful attack because people may fear losing their documents and photographs and so may be more likely to pay. When it hits businesses and hospitals, there is extra pressure to get rid of the ransomware quickly. The government has said the ransomware outbreak at the NHS was not a targeted attack on the UK’s health service. It may be that the attackers created their virus without knowing exactly how far it would spread.
The malicious software used in the attack has the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system. Other factors were the large number of old, outdated software programs in use and often ineffective security systems. The hackers were using tools stolen from the U.S. National Security Agency and released on the Internet on 14 April through a dump by a group called Shadow Brokers. When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300. The pop-up also features two countdown clocks; one showing a three-day deadline before the ransom amount doubles to $600; another showing a deadline of when the target will lose its data forever. It demands payment only in bitcoin, gives instructions on how to buy it, and provides a Bitcoin address to send it to.
Have you heard of Bad USB??? BadUSB, is a malware that can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Since BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. If cybercriminal professionals thought of a collaboration of Bad USB and Wannacry, the results could be even graver(We may not find the flaw at once and the whole hardware needs to be replaced after such an attack).
How to protect ourselves from the cyber attacks?? Self defence is always the prime choice. Following are some important steps to follow:-
- Keeping a back up is the safest and most effective way to deal with the threat.
- Regardless of which operating system you run, you should install any and all available security updates immediately.
- Individual users as well as organisations have been asked to apply patches to their Windows system(s) as mentioned in the Microsoft Bulletin MS17-010, which is marked critical
- Don’t open emails or links in e-mails from people even in your contact list. E-mail has proven to an effective carrier in the case of ‘Wannacry’ ransomeware
- Avoid downloading from websites that are not trustworthy; even attachments from unsolicited e-mails.
- Update Antivirus on all your systems and download Microsoft’s latest software patches. For unsuported Windows versions such as XP, Vista etc, the user can download the necessary patch from this link.
- Providing cyber-hygiene training to all levels of employees so that they dont click on phishing links i.e,Educate employees on identifying scams, malicious and emails that may contain viruses.
- Organisations connecting to the Internet through Enterprise Edge or perimeter network devices [UDP 137, 138 and TCP 139, 445] should block their SMB ports or disable SMBv1.
If u get affected then immediately, Disconnect from the internet to ensure there is no further infection or exfiltrating of data as the ransomware will be unable to reach the command and control servers. Set BIOS clock back in case the ransomware has a time limit associated to it as with WannaCry.
Do you wonder why ransome is asked in Bitcoins?? Ransomware often demands between 0.3 and 1 Bitcoins (£400 – 1,375), but can demand a payment denominated in dollars but made via Bitcoin. The digital currency is popular among cybercriminals because it is decentralised, unregulated and practically difficult to trace. Also all bitcoin transactions are visible on bitcoin’s public accounting ledger, known as the blockchain. I said difficult, not impossible to trace as the law enforcement in multiple countries will be looking for the culprits.
I think literally, this may not be a money-making scheme at all. Unlike more functional and automated ransomware attacks, the wannacry attack has probably the lowest profit margin, it might be someone trying to make a wake up call and I personally agree with Microsoft that the governments of the world should treat the WannaCry attack as “a wake-up call,” to consider the “damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. I think WannaCrypt could have been intended merely to demonstrate the moral hazard of governments that catalogue software vulnerabilities but do not notify software developers. Thus, WannaCrypt illustrated exactly what could happen if these vulnerabilities fall into the wrong hands. Always remember cybersecurity is a shared responsibility between tech companies and customers, the former relying on the latter to keep their critical systems updated, just as people rely on companies to put out secure systems. So its all about coperation..
In this era of big data, this is the next generation of malware, a more professional operation could improve on WannaCry’s techniques to inflict far worse damage. i.e a code that doesn’t have a killer switch can be catastrophic. This combination of a network-based self-spreading worm and the profit potential of ransomware won’t fade away, and we have to develop our own abilities to adapt and innovate in order to be better prepared for the next attack.