Last week, the WannaCry Ransomware took the world by storm in the form of a massive cyber attack that has hit over 200,000 Windows operated computers in over 150 countries in less than three days.
The attacks began on the 12th of May, 2017. It started spreading across Europe, hitting the Spanish telecommunications giant Telefonica, Britain’s National Health Service organizations and a lot of personal computers in Russia and Ukraine. The malware eventually spread to Asia and further on to America and is now regarded as a major cyber threat to organizations around the world.
WannaCry reportedly makes use of a “vulnerability” in Microsoft’s security system, one that was mentioned as part of a leaked stash of confidential NSA documents. An unknown group of hackers took advantage of this weakness and created the ransomware. An accidental misclick can infect your computer and block access to your files.
The malware then demands a ransom in order to regain access to the blocked files, according to a screenshot that has surfaced on the internet. However, there is no guarantee that complying with the ransom demand will unblock the files.
What is Ransomware?
Ransomware is a type of malicious software designed to block access to a computer’s files until a ransom is paid for them in the form of a digital currency transaction. Most ransomware infects computers through phishing attacks or when you visit an unreliable website on the internet. The latest WannaCry malware attack is the biggest instance of a ransomware attack in history and has been declared a global cybercrime threat in a lot of major countries.
Other notable instances of ransomware attacks in the past are Reveton (2012), CryptoLocker (2013) and FusoB (2015). Most of these ransomware attacks are the work of hacker groups looking to exploit weaknesses in cyber security systems and make money from them.
What is the WannaCry Ransomware and how does it spread?
The WannaCry Ransomware is a type of ransomware built from tools of the Equation Group, reportedly a part of the United States National Security Agency (NSA), that were exposed to the public. A hacker group called The Shadow Brokers was deemed responsible for the leak, and an unknown hacker group began using the malware for their own benefit, spreading it across computers in Europe.
The malware blocks important files on the computer by encrypting them, taking advantage of a vulnerability in the Microsoft operating system’s security code to gain control over its files. It then demands a ransom in order to unblock the computer. The ransom must be paid in the digital currency Bitcoin.
So far, there haven’t been any reported instances of the ransom being paid, so nobody knows if files are actually unblocked after payment. It is reportedly more likely to infiltrate computers running Microsoft’s older operating systems like Windows XP and Vista, but it can also affect modern operating systems through phishing attacks and accidental misclicks while browsing unreliable websites on the internet, leading to the ransomware being downloaded onto the computer.
WannaCry and other ransomware attacks are also known to spread through Microsoft Word or PDF documents downloaded through emails, which are generally infected when they are downloaded.
Who is responsible for the attack?
As of today, the hacker group responsible for this huge attack is still unknown, but this is apparently their second attempt at cyber-extortion. An earlier version of WannaCry surfaced back in February, demanding 0.1 Bitcoin ($177) as payment to unlock files. In this current attack, the WannaCry malware is reportedly demanding $300 worth of bitcoin currency from computers in large multinational organizations.
● Are the Shadow Brokers Connected?
Initial reports pointed out that the hacker group “Shadow Brokers” could be connected to the attack that has put several countries on red alert since its discovery. However, this theory has been debunked. The Shadow Brokers were responsible for the NSA leak, but experts claim that the current attack is the work of an opportunist developer who got access to the leak and took control of the malware.
Have there been any attempts to stop this attack?
Microsoft reportedly rolled out updates for all versions of its operating systems, including outdated ones like Windows XP and Vista for which it had officially ended support a while ago, in a bid to counter this malware.
However, by the time the ransomware began to spread and Microsoft tried to launch an update to control the situation, it had already affected a significant number of computers in the world. This became a frustrating situation for Microsoft, as well as for several large organizations that had affected computers. In some instances the computers were too slow to download and install the update.
On May 15, 2017, a young hacker and web researcher who runs a blog called MalwareTech accidentally stumbled across a supposed “kill switch” for the malware, which slowed down its progress temporarily. However, a few hours later, improvised versions of the malware without the kill switch began to circulate and spread. Thus, cybercrime experts around the world are operating on high alert, trying to find a solution to stop the attack.
What are the authorities doing to fight this attack?
The sheer scale of the ransomware attack means that several cyber crime police units around the world have been actively making attempts to trace the source and stop the attack for good. The mode of payment it uses to demand ransom, Bitcoin, is hard to trace, but not impossible. Similar ransomware attacks have quickly been stopped in the past, but not without leaving a trail of chaos in their wake.
Why were NHS (National Health Service) hospitals attacked first?
At least 42 NHS Hospitals across Great Britain and Scotland have been affected by the attack and have had to turn away emergency services due to the malware. This is not primarily because they are being specifically targeted, but because most of the computers in these hospitals run outdated Microsoft Windows XP operating systems. These operating systems are particularly susceptible to the infection.
NHS Hospitals in Wales and Northern Ireland are reportedly unaffected by the attack, but the affected hospitals are suffering major problems. The attack has created lots of frustration and anger, as hospital employees and patients are dealing with the fallout.
How many other organizations have been affected by this attack?
Several major organizations around the world have been affected by the attack. Aside from the NHS, Spain’s leading telecom company Telefónica, the Romanian carmaker Dacia, the Romanian Ministry of Foreign Affairs, the Ministry of Internal Affairs of the Russian Federation, Nissan Motor Manufacturing Company UK and the French carmaker Renault are among the biggest affected organizations. Here are a few organizations hit by the ransomware.
● Automobile Dacia (Romanian Car Maker)
● Banco Bilbao Vizcaya Argentaria (Major Argentina Bank)
● Chinese Public Security Bureau (Chinese Government Body)
● Cambrian College (Educational Institution in Canada)
● CJ CGV (Multiplex Cinema in South Korea)
● Deutsche Bahn (German Railway Company)
● Dharmais Hospital (Indonesian Hospital)
● Faculty Hospital, Nitra (University Hospital in Slovakia)
● FedEx (American Multinational Shipping Company)
● Q-Park (Parking Garage Service, Belgium)
● Renault (French Carmaker)
● Russian Railways (Russian Railway Service)
● Sandvik (Swedish Engineering Company)
● São Paulo Court of Justice (Brazilian Court of Law)
● Saudi Telecom Company (UAE Telecom Giant)
● Sun Yat-sen University (Chinese Education Institution)
● Telefónica (Spanish Telecom Giant)
● Telenor Hungary (Hungarian Telecom Company)
● Timrå kommun (Local Swedish Municipality)
● University of Milano-Bicocca (Italian University)
● Vivo (Portuguese Telecom Company)
What are the preventive measures you can take during such an attack?
If you are running one of Microsoft’s modern operating systems like Windows 8.1 or 10, install the latest Microsoft updates and avoid downloading anything from the internet, especially documents from emails that come from affected organizations. Avoid visiting unreliable websites like torrent sites, music downloading websites and free streaming websites. A lot of these websites lead to single-click redirects that could potentially download the malware.
If you are running an older version of Windows, immediately back up all your files, format your computer and install the latest Operating System with the latest updates. Ensure that your files are backed up so that you do not risk losing them in case of an attack. If you are running a computer that has already been affected by the ransomware, immediately stop trying to boot the computer and report it to the authorities.
Do not, under any circumstances, try to pay the ransom, as that does not guarantee that your computer will get unblocked. Such an incident is usually short-lived and dealt with as soon as possible, especially when it reaches such a scale.
What are the experts saying?
Several experts have criticized security agencies and organizations like the NSA because of their habit of stockpiling important data like this in order to use it offensively in case the need arises. The source of the leak was the NSA, and it has come under heavy scrutiny from cybercrime experts in the past two days because of the rapid, massive takeover by the WannaCry malware.
The director of digital and cyberspace policy program at the Council on Foreign Relations, USA said that “the patching and updating systems are broken, basically, in the private sector and in government agencies”.
In addition, Segal said that governments’ apparent inability to secure vulnerabilities “opens a lot of questions about backdoors and access to encryption that the government argues it needs from the private sector for security”.
British Prime Minister Theresa May stated, as part of a damage control measure, that the attack was not specifically against NHS outlets across the UK but an international attack.
Indian authorities have announced a red alert in the country, and most of India’s Automated Teller Machines (ATMs), which run on the Microsoft Windows XP operating system, have been shut down in order to prevent transaction hijackings and malfunctions.
James Scott from the Institute for Critical Infrastructure Technology stated that health care staff have no cybercrime training and are known to “click on phishing links all the time,” as evidenced by the large number of healthcare institutions that have been affected by the attack.
What started off as a malware attack four days ago in Europe and Russia has now spread globally and is affecting more and more organizations at a rapid rate. It is making an impact on many countries’ major organizations, and authorities are actively seeking measures to bring the situation under control. Until then, users are advised to use the internet with caution and to avoid unreliable websites and internet downloads until the situation can be brought under control.