One of the worst cyberattacks in the history of the internet has been reported: the WannaCry ransomware, also called WannaDecrypt. It is a ransomware attack, and infections have so far been reported from 150 countries. The attack was reportedly launched on Friday, 12th May 2017. The spread of the ransomware is unprecedented, and it is expected to reach even more machines despite the release of protective updates.
The attack targets the Microsoft Windows operating system. In a special move, the company has released updates even for older versions such as Windows XP and Windows Server 2003, to secure those computers and to stop the further spread of an already widespread infection.
First let us learn what ransomware is, and then move on to the ransomware in question, WannaCry.
What is ransomware?
Ransomware is malicious software that stops you from using your PC or laptop. It holds the files and programs on your computer hostage and asks you to do something before you can work with them again. They are thus held for ransom, hence the name 'ransomware'. The ransom is usually a payment in the form of the cryptocurrency Bitcoin, pre-paid vouchers or premium-priced text messages. There are three main things that ransomware can do to your PC:
- It can stop you from accessing the Windows operating system altogether.
- It can stop some apps from working.
- It can encrypt some files, preventing users from making any use of them.
Once the ransom is paid, whatever is being held is supposed to be released, but there are no guarantees. Sometimes the services held by the ransomware are released after the payment and sometimes not. However, if there is some sensitive data, then the victim is coerced into making the payment.
WannaCry Ransomware Attack
Although there have been ransomware attacks in the past, an attack of such magnitude has never been seen before. Millions of computers worldwide have been affected by the WannaCry ransomware.
How did such an attack begin?
The infection vector, named EternalBlue, was released by a hacker group called The Shadow Brokers on 14th April 2017. This and some other tools are believed to have been leaked from the Eternal group, which is considered to be a part of the National Security Agency (NSA).
EternalBlue exploits Microsoft's implementation of the Server Message Block (SMB) protocol. Although Microsoft was aware of the issue and had released a patch to fix it, there were still millions of PCs all over the world that did not have the updates installed, such as those running older versions of the OS.
The worldwide attack began on 12th May 2017. The initial spread made use of vulnerabilities in the network and of phishing emails. The ransomware first checks the kill switch domain name. If the domain is not found, it continues with the encryption and, not stopping there, uses the Server Message Block protocol to spread even further.
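The two behaviours described above, a lookup of the kill switch domain followed by spreading over SMB, both leave traces a defender can search for in DNS and connection logs. The following is an added example, not code from the original article: the log format, window, threshold and the placeholder domain are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445                     # TCP port used by SMB
WINDOW = timedelta(seconds=60)     # assumed sliding window
FANOUT_THRESHOLD = 5               # assumed: distinct SMB peers within the window
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"  # placeholder, not the real domain

# Constructed sample records: "timestamp kind source detail", time-ordered per source
SAMPLE_LOG = """\
2017-05-12T09:00:00 dns 10.0.0.23 killswitch.example.invalid
2017-05-12T09:00:02 conn 10.0.0.23 10.0.0.1:445
2017-05-12T09:00:03 conn 10.0.0.23 10.0.0.2:445
2017-05-12T09:00:04 conn 10.0.0.23 10.0.0.3:445
2017-05-12T09:00:05 conn 10.0.0.23 10.0.0.4:445
2017-05-12T09:00:06 conn 10.0.0.23 10.0.0.5:445
2017-05-12T09:00:07 conn 10.0.0.40 10.0.0.5:445
2017-05-12T09:00:08 conn 10.0.0.40 10.0.0.5:445
2017-05-12T09:00:09 conn 10.0.0.40 10.0.0.9:443
2017-05-12T09:01:00 conn 10.0.0.50 10.0.0.1:445
2017-05-12T09:04:00 conn 10.0.0.50 10.0.0.2:445
2017-05-12T09:07:00 conn 10.0.0.50 10.0.0.3:445
2017-05-12T09:10:00 conn 10.0.0.50 10.0.0.4:445
2017-05-12T09:13:00 conn 10.0.0.50 10.0.0.5:445
"""

def detect(log_text, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {source_ip: [reasons]} for hosts showing either behaviour."""
    recent = defaultdict(deque)    # source -> (time, destination) SMB attempts in window
    findings = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kind, src, detail = line.split()
        if kind == "dns" and detail.rstrip(".").lower() == KILL_SWITCH_DOMAIN:
            findings[src].add("kill-switch-lookup")
        elif kind == "conn" and detail.endswith(f":{SMB_PORT}"):
            q = recent[src]
            q.append((datetime.fromisoformat(ts), detail.rsplit(":", 1)[0]))
            while q[-1][0] - q[0][0] > window:   # drop attempts older than the window
                q.popleft()
            if len({dst for _, dst in q}) >= threshold:   # count distinct peers only
                findings[src].add("smb-fanout")
    return {src: sorted(reasons) for src, reasons in findings.items()}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Only 10.0.0.23 is reported: 10.0.0.40 keeps talking to the same file server, and 10.0.0.50 reaches five hosts but too slowly to fall inside one window.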
Defensive measures against WannaCry Ransomware
Microsoft has released updates fixing the SMB vulnerabilities in the OS, thus protecting your PC from the attack. Apart from the supported versions of Windows, fix patches have also been released for the following now-unsupported Windows versions:
- Windows XP
- Windows 8
- Windows Server 2003
Make sure you install the updates ASAP.
Apart from Microsoft's efforts, what saved millions of other computers from the assault of the WannaCry ransomware was the accidental discovery of the kill switch by a young IT blogger, Marcus Hutchins, who blogs under the name MalwareTech. He is now working with GCHQ to protect against another attack, although the details are not completely known. The kill switch slows the spread of the ransomware a great deal, protecting a huge number of machines from being infected.
Do you think an attack of such a huge magnitude is scary for the world? Who do you think might be behind WannaCry? Share your views by commenting below.