
The WannaCry Ransomware Attack: A Case Study

For those readers who are unaware of the WannaCry ransomware attack, it was a large-scale cyber attack that targeted only computers running the Microsoft Windows operating system.

The initial infection was likely through an exposed, vulnerable SMB port rather than through email phishing, as was first assumed. Email phishing was, however, the main method by which the WannaCry ransomware spread.

In this attack, the ransomware encrypted all the files on the victim's computer. To have them decrypted, the victim was asked to pay approximately $300 worth of bitcoin before a deadline.


What helped make this attack successful?

1. The main victims of this cybercrime were Windows 8, 2003 and XP users, because the last security update released for XP was in April 2014, and many had still not installed the newer update as of March this year.

2. Microsoft had stopped supporting these versions of Windows, but an emergency update was released for them to fight this cyber attack.

3. Many were also running unlicensed copies of Windows, which made them all the more vulnerable, as such copies are often not kept updated.

4. The attack is believed to have been carried out using tools stolen from the US security agency, the NSA, which had been stockpiling a number of vulnerabilities in Windows, macOS and other systems.

5. The WannaCry ransomware exploited a vulnerability in the Windows OS known as EternalBlue.


The Cure

There are no recorded cases of anyone's computer being decrypted after the required payment was made.

1. While trying to establish the size of the attack, a man named Marcus Hutchins accidentally discovered a "kill switch" coded into the malware. He registered the domain name it checked and used it as a DNS sinkhole (a DNS server that gives false information about a domain). This stopped the malware spreading like a worm, drastically slowing the outbreak and buying time to come up with defensive measures.

2. A man named Adrien Guinet created "WannaKey", a solution to the WannaCry ransomware based on its flaws. He cautioned that it would not work if the infected computer had been rebooted or if the malware had overwritten the decryption key.
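As an added example (not part of the original post), the following Python script shows how a defender could turn the two behaviours described here, the kill-switch DNS lookup and worm-style spreading over the SMB port, into a simple triage over DNS and network-flow logs. The log formats, IP addresses and the placeholder domain name are all constructed assumptions; the real kill-switch domain is not reproduced.

```python
import re
from collections import defaultdict
# Placeholder: the real kill-switch domain is deliberately not reproduced here.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"
# Constructed sample logs in an assumed "timestamp key=value ..." format (not real captures).
DNS_LOG = """\
2017-05-12T10:01:02Z client=10.0.1.15 qname=killswitch-placeholder.example qtype=A
2017-05-12T10:01:03Z client=10.0.1.15 qname=www.microsoft.com qtype=A
2017-05-12T10:01:09Z client=10.0.2.40 qname=killswitch-placeholder.example qtype=A
2017-05-12T10:02:00Z client=10.0.3.9 qname=update.example.org qtype=A
"""
FLOW_LOG = """\
2017-05-12T10:01:05Z src=10.0.1.15 dst=10.0.1.16 dport=445 proto=tcp
2017-05-12T10:01:05Z src=10.0.1.15 dst=10.0.1.17 dport=445 proto=tcp
2017-05-12T10:01:06Z src=10.0.1.15 dst=10.0.1.18 dport=445 proto=tcp
2017-05-12T10:01:30Z src=10.0.3.9 dst=10.0.3.1 dport=445 proto=tcp
2017-05-12T10:01:31Z src=10.0.2.40 dst=10.0.2.1 dport=443 proto=tcp
"""
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_kv(text):
    """Turn 'timestamp key=value ...' lines into dicts; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            yield {"ts": parts[0], **dict(KV_RE.findall(parts[1]))}

def hosts_querying_killswitch(dns_text, domain=KILL_SWITCH_DOMAIN):
    """Hosts that looked up the kill-switch name have already executed the sample."""
    return {r["client"] for r in parse_kv(dns_text)
            if r.get("qname", "").lower().rstrip(".") == domain}

def smb_fanout(flow_text):
    """Distinct TCP/445 destinations per source; worm-style scanning shows as high fan-out."""
    peers = defaultdict(set)
    for r in parse_kv(flow_text):
        if r.get("dport") == "445" and r.get("proto") == "tcp":
            peers[r["src"]].add(r["dst"])
    return {src: len(dsts) for src, dsts in peers.items()}

def triage(dns_text, flow_text, fanout_threshold=3):
    """'isolate' when both signals fire, 'investigate' when only one does."""
    dns_hits = hosts_querying_killswitch(dns_text)
    fanout = smb_fanout(flow_text)
    verdicts = {}
    for host in dns_hits | set(fanout):
        scanning = fanout.get(host, 0) >= fanout_threshold
        if host in dns_hits and scanning:
            verdicts[host] = "isolate"
        elif host in dns_hits or scanning:
            verdicts[host] = "investigate"
    return verdicts
```

A host that queries the kill-switch name has run the sample regardless of whether the sinkhole answered, so the DNS signal alone is worth an investigation even when no SMB fan-out is seen.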


Impact

1. This attack affected a number of businesses, institutions and hospitals all over the world.

2. Businesses such as Nissan and Renault had to pause their operations after some of their computers were affected.

3. In hospitals, computer systems used for various purposes were affected, including MRI scanners and computers.

4. Many critics said that this attack could have been prevented if people had taken steps earlier to fix the flaws on which it was based.

5. Some even blame governments for their inability to secure these vulnerabilities.

6. Estimates put the number of computer systems affected by this attack at around 200,000 to 300,000, in approximately 150 countries.


Future of this attack

1. Although the attack has now slowed somewhat, this will not mark the end of it. The hacker group "Shadow Brokers" has threatened to unleash hell in June, calling it "Data Dump Month".

2. There have been no signs of anyone making the payment and having their files decrypted. The reason is that a payment cannot be linked to a particular computer. In addition, decrypting any files would require the manual intervention of the hackers, so there is no practical way of decrypting over 300,000 computers.

3. The Shadow Brokers have claimed to have access to over 75% of the US Cyber Arsenal.

4. They also claim to have access to the nuclear programs of North Korea, Russia, China and Iran.

Author Aiden Willis