WannaCry, a cyber attack demanding ransom, has been giving
anti-virus programmers sleepless nights for the past two days.
Since it first appeared (on May 12th, 2017), it has spread on an
unprecedented scale, affecting about 162 countries. Even so-called tech
countries like the USA and the UK are no exception.
Starting from Scratch
Moreover, the entire story started in the US itself. The NSA (National
Security Agency), the most well-known US agency for secrecy and
surveillance, found a major bug in the SMB (Server Message Block)
protocol in the Microsoft Windows operating system and developed
a tool called the ‘EternalBlue Exploit’ to attack Windows operating
systems. A group of hackers called the Shadow Brokers stole this tool
from the NSA a few weeks ago. Even though Microsoft released a
security update on March 14, 2017 to resolve this vulnerability, many
users had not updated their systems with the security patch, which gave
WannaCry more scope to spread rapidly and reach a
huge number of computers all over the world.
What do Hackers need?
The one-word answer to this question is money. Yes, they are doing all
this for money. WannaCry is a type of ransomware (malware
that holds a computer user's data for ransom). It demands
about 300 US dollars in the virtual currency Bitcoin within 3 days to unlock
the files and return them to the user.
How does Wanna Decryptor work?
This malware is delivered as a Trojan through a loaded hyperlink that
can be accidentally opened by a victim through an email, advert on a
webpage or a Dropbox link. Once it has been activated, the program
spreads through the computer and locks all the files with the same
encryption used for instant messages. Once the files have been
encrypted it deletes the originals and delivers a ransom note in the
form of a read me file. It also changes the victim’s wallpaper to a
message demanding payment to return the files.
Some sources say that the initial spread of WannaCry comes
through spam, in which fake invoices, job offers and other lures are
sent out to random email addresses. The emails contain a .zip
file which, once clicked, initiates the WannaCry infection. The
most concerning aspect of WannaCry is its use of the EternalBlue
Exploit as a weapon of mass destruction: once it gets into an
unpatched PC, it spreads like wildfire.
Impact and Affected Organisations
The attack affected many National Health Service hospitals in the UK,
and up to 70,000 devices – including computers, MRI scanners, blood-storage
refrigerators and theater equipment – may have been affected.
On 12 May, some NHS services had to turn away non-critical
emergencies, and some ambulances were diverted. Renault and Nissan,
affected by this cyber attack, halted production at several
sites to avoid the spread of this ransomware. Apart from these
organisations, Andhra Pradesh Police (India), the Ministry of Internal
Affairs (Russia), FedEx (United States) and others have been affected
by this malware.
Monday may be a busy day for Asia
On 12th May, Saturday, WannaCry came to light, and within 2 days
(Saturday and Sunday) it created a massive disturbance all over the
world. But it has had less impact on Asia than on Europe. The
reason may be that it arrived on a weekend, when most companies
are on their weekend holiday. So when staff come to the office on Monday
and switch their systems on, the drama may begin. Moreover, it is
expected that on Monday hackers may release an updated version of the
malware, called WannaCry 2.0, which may easily get past the
‘Kill Switch’ barrier set by anti-virus software so far.
Response from Microsoft
Due to the seriousness of the WannaCry attack, on May 13, 2017
Microsoft took the highly unusual step of also providing a security
update for Windows XP, Windows 8, and Windows Server 2003, despite
these versions being past their support cycles. Windows XP, Windows
8, and Windows Server 2003 users can download the patch from the
Microsoft Update Catalog. The extended support for Windows Server
2003 had ended on July 14, 2015, almost two years earlier, and the
extended support for XP ended on April 8, 2014. Windows Vista,
Windows 7 and Windows 8.1 were included in the normal security
update in March, though extended support for Windows Vista ended
on 11 April 2017.
Author: Venkatesh Kumar Maale
Managing Committee Member
Disclaimer: Information is collected from different sources and arranged in readable manner.