Ransomware is probably the most searched phrase on the internet right now. May 12th, 2017 saw the biggest cyber-attack to date, and yes, it is far bigger than the Dyn DDoS. The Dyn DDoS took place on 21st October 2016 and involved multiple DDoS attacks targeting systems operated by DNS provider Dyn, which made internet services unavailable across large areas of Europe and North America. Anonymous and New World Hackers claimed responsibility for that attack.
This time, a ransomware strain named “WannaCry” has hit millions of computers in more than 150 countries across the globe, with the epicenter of the damage in Europe. The malicious code took advantage of a vulnerability in Windows 8, Windows XP and Windows Server 2003. Ransomware is not new by any standard, but it has been gaining popularity over the last few years. It made its first appearance back in 2005. In its early days, cybercriminals would use fake apps and fake antivirus programs to alert victims, and then ask for a fee to fix non-existent problems. Some variants even displayed fake FBI warnings containing threatening messages. Eventually, they began to lock down entire systems or specific apps until their demands were met.
The main threat these days, however, is crypto ransomware, where the attacker encrypts the victim's files and the victim must pay to obtain the key that unlocks them. According to various agencies, ransomware has caused damages of around $325 million to date.
Ransomware can spread through malicious e-mail attachments, fake apps, compromised websites and infected external storage devices. In an attack, the malware may change a computer's login credentials or encrypt specific files and apps. The victim then receives a pop-up message stating that if the ransom is not paid by a certain date, the private key required to unlock or decrypt the data will be destroyed, leaving the user with data loss.
Like many other ransomware families, WannaCry encrypts all the files on the user's computer. It then demands a ransom of $300 in bitcoin; if the victim does not pay within three days, the amount doubles to $600 in bitcoin. If the user still has not paid after seven days, the malware deletes all the encrypted files, resulting in severe data loss.
Symantec has published a list of the file types targeted by WannaCry, including .123, .3dm, .3ds, .3g2, .3gp, .602, .psd, .ai, .aes, .asc, .avi, .bmp and .class, among others.
The ‘EternalBlue’ exploit later used by the WannaCry Trojan was first discovered by the NSA, but the agency kept it under wraps for the purpose of intelligence gathering. A hacker group named Shadow Brokers released all the details of the exploit last month.
Meanwhile, researchers at Kaspersky Lab have revealed details linking the WannaCry ransomware to North Korea. The company identified a segment of code that appears in both an early WannaCry variant and an older sample attributed to the Lazarus group. Kaspersky strongly believes that the February 2017 sample was compiled by the same people, or by people with access to the same source code, as the latest WannaCry encryptor used in the recent attack.
So now the big question is: how do you protect yourself from the attack?
To be safe, regardless of which OS you use, you should install all available updates and security patches on your system. This applies especially to those who use Windows XP, Windows 8 and Windows Server 2003. Additionally, you should install a good ransomware blocker and a good antivirus. To be safer still, do not open email attachments from unknown sources, and last but not least, keep a backup of your data.
If you are already affected, however, your only options are to pay the ransom or lose the data, as no third-party decryption tool is available right now.
On the other hand, a 22-year-old programmer has been credited with slowing the spread of the deadly ‘WannaCry’ virus. He was quickly able to obtain a sample of the malware with the help of a friend. While running the sample, he noticed that it queried an unregistered domain, which he promptly registered. Since the registration, the program has not been able to ransom any new computers.
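That domain lookup also gives defenders a detection signal: any internal host that queried the kill-switch domain has most likely executed the worm, whether or not it went on to encrypt anything. As an added example (not code from the original post), the following Python scans constructed DNS query log lines in a simplified BIND-style format (assumed, not a real capture) and reports which hosts looked up a placeholder kill-switch domain, with first-seen time and query count. The page does not name the real domain, so `killswitch-domain.example` stands in for it.

```python
import re
from datetime import datetime

# Placeholder: the page does not name the kill-switch domain; substitute the real indicator.
KILL_SWITCH_DOMAINS = {"killswitch-domain.example"}

# Constructed sample log lines in a simplified BIND-style query log format (assumed layout).
SAMPLE_DNS_LOG = """\
12-May-2017 10:01:02.123 client 10.0.0.15#51234: query: www.example.org IN A + (10.0.0.2)
12-May-2017 10:01:05.456 client 10.0.0.15#51240: query: killswitch-domain.example IN A + (10.0.0.2)
12-May-2017 10:01:09.789 client 10.0.0.23#40001: query: killswitch-domain.example IN A + (10.0.0.2)
12-May-2017 10:02:00.000 client 10.0.0.15#51301: query: killswitch-domain.example IN A + (10.0.0.2)
12-May-2017 10:03:11.222 client 10.0.0.40#33333: query: mail.example.org IN MX + (10.0.0.2)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client (?P<src>[\d.]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_line(line):
    """Parse one query log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S"),
        "src": m["src"],
        # Normalise the queried name so trailing dots or mixed case cannot evade the match.
        "qname": m["qname"].rstrip(".").lower(),
        "qtype": m["qtype"],
    }


def find_kill_switch_queries(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {source_ip: (first_seen, query_count)} for hosts that queried a kill-switch domain."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["qname"] not in domains:
            continue
        first, count = hits.get(rec["src"], (rec["ts"], 0))
        hits[rec["src"]] = (min(first, rec["ts"]), count + 1)
    return hits


if __name__ == "__main__":
    for src, (first, count) in sorted(find_kill_switch_queries(SAMPLE_DNS_LOG).items()):
        print(f"{src}: first query {first:%Y-%m-%d %H:%M:%S}, {count} queries - isolate and check for WannaCry")
```

Hosts reported here should be isolated from the network and checked for the dropped ransomware, since a successful kill-switch lookup only stops the encryption, not the underlying infection.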
– Kaustav Roy