“WannaCry”, first discovered on Friday, May 12th 2017, had spread to an estimated 57,000 computers in more than 150 different countries around the world by the end of the day. Some experts said the threat had receded as of Sunday, in part because “MalwareTech” registered a domain that he noticed the malware was trying to connect to, limiting WannaCry's spread. Microsoft also issued emergency security patches for a range of Windows versions. But the hackers updated the software to another variant, which spreads more rapidly and is creating more havoc. In fact, the second variant doesn't have a kill switch and is responsible for 50% of all attacks.

Last week, an unprecedented malware attack began sweeping the globe, the most severe malware attack so far in 2017. A new ransomware called 'Wannacry' or 'Wannacrypt' has attacked a few big countries, with Russia, Ukraine, and Taiwan being the top targets, and created havoc by targeting sensitive industries like healthcare and banks. This is a scary type of trojan virus called “ransomware”: the virus in effect holds the infected computer hostage and demands that the victim pay a ransom in order to regain access to the files on his or her computer.

Let's see what the WannaCry ransomware is. “Ransom” means a sum of money demanded or paid for the release of a captive. Ransomware is malicious software that locks a connected device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it. The WanaCrypt0r 2.0 bug, for instance, wants $300 to be paid in Bitcoins to unlock the affected computers. However, paying the ransom is no guarantee that the files will be restored and might just open up new attacks.

WannaCry works by encrypting most or even all of the files on a user’s computer. The software demands that a ransom be paid in order to have the files decrypted. The biggest threat with 'Wannacry' is that it's more than just ransomware; it can also be classified as a worm. Being a worm, the ransomware has the ability to spread to different systems running on the same LAN or even spread through emails.

The purpose of a ransomware attack is to extort money from victims. It is a powerful attack because people may fear losing their documents and photographs and so may be more likely to pay. When it hits businesses and hospitals, there is extra pressure to get rid of the ransomware quickly. The government has said the ransomware outbreak at the NHS was not a targeted attack on the UK's health service. It may be that the attackers created their virus without knowing exactly how far it would spread.

The malicious software used in the attack has the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system. Other factors were the large number of old, outdated software programs in use and often ineffective security systems. The hackers were using tools stolen from the U.S. National Security Agency and released on the Internet on 14 April through a dump by a group called Shadow Brokers. When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300. The pop-up also features two countdown clocks: one showing a three-day deadline before the ransom amount doubles to $600, another showing a deadline of when the target will lose its data forever. It demands payment only in bitcoin, gives instructions on how to buy it, and provides a Bitcoin address to send it to.

Have you heard of BadUSB? BadUSB is malware that can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Since BadUSB resides not in the flash memory storage of USB devices but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. If cybercriminal professionals thought of a collaboration of BadUSB and WannaCry, the results could be even graver (we may not find the flaw at once, and the whole hardware needs to be replaced after such an attack).

How to protect ourselves from cyber attacks? Self-defence is always the prime choice. Following are some important steps to follow:

- Keeping a backup is the safest and most effective way to deal with the threat.
- Regardless of which operating system you run, you should install any and all available security updates immediately.
- Individual users as well as organisations have been asked to apply patches to their Windows system(s) as mentioned in the Microsoft Bulletin MS17-010, which is marked critical.
- Don't open e-mails or links in e-mails, even from people in your contact list. E-mail has proven to be an effective carrier in the case of the 'Wannacry' ransomware.
- Avoid downloading from websites that are not trustworthy, and avoid attachments from unsolicited e-mails.
- Update antivirus on all your systems and download Microsoft's latest software patches. For unsupported Windows versions such as XP, Vista etc., the user can download the necessary patch from this link: http://www.catalog.update.microsoft.com/Search.aspx?q=KB40125
- Provide cyber-hygiene training to all levels of employees so that they don't click on phishing links, i.e. educate employees on identifying scams, malicious links and e-mails that may contain viruses.
- Organisations connecting to the Internet through Enterprise Edge or perimeter network devices should block the SMB ports [UDP 137, 138 and TCP 139, 445] on those devices or disable SMBv1.

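An added example, not part of the original post: a small Python audit that checks whether an edge rule set still lets in the ports named in the last step. The rule format, the first-match evaluation order and the sample rule sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Ports the post says to block at the edge: UDP 137, 138 and TCP 139, 445.
SMB_PORTS = [("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)]

@dataclass(frozen=True)
class Rule:
    """Hypothetical inbound ACL entry (format assumed for this example)."""
    action: str  # "allow" or "deny"
    proto: str   # "tcp", "udp" or "any"
    ports: str   # "445", "137-139", "80,443" or "any"

def port_matches(spec: str, port: int) -> bool:
    """True if port falls in a comma-separated list of ports or ranges."""
    if spec == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def verdict(rules, proto, port, default="deny"):
    """First matching rule wins (assumed evaluation order)."""
    for rule in rules:
        if rule.proto in (proto, "any") and port_matches(rule.ports, port):
            return rule.action
    return default

def exposed_smb_ports(rules, default="deny"):
    """SMB/NetBIOS ports from the post that the rule set still lets in."""
    return [p for p in SMB_PORTS if verdict(rules, p[0], p[1], default) == "allow"]

# Constructed rule sets, not taken from any real device.
PARTIAL = [Rule("allow", "tcp", "80,443"), Rule("deny", "tcp", "445"),
           Rule("allow", "any", "1-1023")]   # only TCP 445 is blocked
SHADOWED = [Rule("allow", "tcp", "1-1023"),
            Rule("deny", "tcp", "139,445")]  # deny sits after a broad allow
HARDENED = [Rule("deny", "udp", "137-138"), Rule("deny", "tcp", "139,445"),
            Rule("allow", "tcp", "80,443"), Rule("allow", "any", "1-1023")]

if __name__ == "__main__":
    for name, rules in [("partial", PARTIAL), ("shadowed", SHADOWED),
                        ("hardened", HARDENED)]:
        print(name, exposed_smb_ports(rules))
```

The partial set shows why blocking TCP 445 alone is not enough, and the shadowed set shows a deny rule that never takes effect because a broader allow precedes it.
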
If you get affected, immediately disconnect from the internet to ensure there is no further infection or exfiltration of data, as the ransomware will be unable to reach the command and control servers. Set the BIOS clock back in case the ransomware has a time limit associated with it, as with WannaCry.

Do you wonder why the ransom is asked for in Bitcoins? Ransomware often demands between 0.3 and 1 Bitcoins (£400 – 1,375), but can demand a payment denominated in dollars but made via Bitcoin. The digital currency is popular among cybercriminals because it is decentralised, unregulated and practically difficult to trace. Also, all bitcoin transactions are visible on bitcoin’s public accounting ledger, known as the blockchain. I said difficult, not impossible, to trace, as law enforcement in multiple countries will be looking for the culprits.

I think, literally, this may not be a money-making scheme at all. Unlike more functional and automated ransomware attacks, the WannaCry attack has probably the lowest profit margin; it might be someone trying to make a wake-up call, and I personally agree with Microsoft that the governments of the world should treat the WannaCry attack as "a wake-up call," to consider the "damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits." I think WannaCrypt could have been intended merely to demonstrate the moral hazard of governments that catalogue software vulnerabilities but do not notify software developers. Thus, WannaCrypt illustrated exactly what could happen if these vulnerabilities fall into the wrong hands. Always remember cybersecurity is a shared responsibility between tech companies and customers, the former relying on the latter to keep their critical systems updated, just as people rely on companies to put out secure systems. So it's all about cooperation.

In this era of big data, this is the next generation of malware; a more professional operation could improve on WannaCry’s techniques to inflict far worse damage, i.e. code that doesn't have a kill switch can be catastrophic. This combination of a network-based self-spreading worm and the profit potential of ransomware won’t fade away, and we have to develop our own abilities to adapt and innovate in order to be better prepared for the next attack.