Wannacry Ransomware: Malware that Crippled the World


The first question that comes to mind is: what is it?

WannaCry is a worm also known as WannaCrypt, Wana Decrypt0r 2.0, WanaCrypt0r 2.0, and Wanna Decryptor. Despite the many names, the functionality remains the same: it is ransomware following the basic principle “Encrypt Files and Demand Ransom”.


Some Details about the Attack

  • The attack took place on 11th May, 2017. It was considered to be a network worm as it required some transport mechanism to propagate further. It targeted computers running the Microsoft Windows operating system, encrypting all the data present on the system and demanding ransom payments in the Bitcoin cryptocurrency.
  • The WannaCry ransomware attack hit around 230,000 computers globally. One of the first companies affected was the Spanish mobile company, Telefónica. By May 12th, thousands of NHS hospitals and surgeries across the UK were affected. As the ransomware spread beyond Europe, computer systems in 150 countries were crippled.
  • The WannaCry ransomware attack had a substantial financial impact worldwide. It is estimated this cybercrime caused $4 billion in losses across the globe.

How did it happen?

All of this happened through EternalBlue, an exploit developed by the United States National Security Agency (NSA) for older Windows systems. After gaining access to the machine and encrypting the files, the payload displayed a message informing the user that files had been encrypted and demanding a payment of around US$300 in bitcoin within three days, or US$600 within seven days, warning that “you have not so enough time.” Three hardcoded bitcoin addresses, or wallets, were used to receive the victims' payments. The transactions and balances of the wallets were publicly accessible, even though the wallet owners remain unknown.

When executed, the WannaCry malware first checked for the kill switch domain name. If it was not found, the ransomware encrypted the computer’s data and then attempted to exploit the SMB vulnerability to spread to random computers on the Internet and laterally to computers on the same network.
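The SMB spreading behaviour described above leaves a recognisable trace in network flow logs: one host opening connections on TCP 445 to many different addresses in a short time. The following is an added example, not code from the original post; the flow-record format, the `INTERNAL_NET` range, the thresholds and all sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

SMB_PORT = 445
# Assumption: the site's own address space; replace with your real ranges.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

def smb_fanout(flows, window_s=60, threshold=10):
    """Flag sources that reach >= threshold distinct hosts on TCP 445
    within window_s seconds. flows: time-ordered (epoch, src, dst, dport).
    Returns {src: {"internal": n, "external": m}} at the peak fan-out."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, dport in flows:
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window_s:   # drop records older than the window
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) < threshold:
            continue
        # Split targets into lateral (same network) and Internet-facing.
        internal = sum(ipaddress.ip_address(d) in INTERNAL_NET for d in distinct)
        prev = alerts.get(src, {"internal": 0, "external": 0})
        if len(distinct) > prev["internal"] + prev["external"]:
            alerts[src] = {"internal": internal,
                           "external": len(distinct) - internal}
    return alerts

def sample_flows():
    """Constructed flow records (not real telemetry)."""
    # Ordinary client talking to a single file server: one distinct target.
    flows = [(1000 + i, "10.0.0.5", "10.0.0.2", 445) for i in range(30)]
    # Worm-like host: 12 internal targets, then 8 external ones, in 20 seconds.
    flows += [(1000 + i, "10.0.0.23", f"10.0.0.{100 + i}", 445) for i in range(12)]
    flows += [(1012 + i, "10.0.0.23", f"198.51.100.{i + 1}", 445) for i in range(8)]
    # Non-SMB traffic from the same host is ignored.
    flows += [(1000 + i, "10.0.0.23", "10.0.0.2", 443) for i in range(5)]
    return sorted(flows)

if __name__ == "__main__":
    for src, counts in smb_fanout(sample_flows()).items():
        print(f"{src}: SMB fan-out, {counts['internal']} internal / "
              f"{counts['external']} external targets")
```

Any outbound TCP 445 to the Internet is worth an alert by itself in most environments; the fan-out count mainly helps separate a scanning host from a busy but legitimate file-share client.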


 EternalBlue was stolen from the NSA and leaked by a group called The Shadow Brokers at least a year before the attack. The NSA had already discovered the vulnerability but used it to create an exploit for its own offensive work, rather than report it to Microsoft.

Tackling the mess

Microsoft eventually discovered the vulnerability, and on Tuesday, 14 March 2017, issued security bulletin MS17-010, which detailed the flaw and announced that patches had been released for all Windows versions supported at that time: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016.

Although Microsoft had already released patches to close the exploit, much of WannaCry’s spread came from organizations that had not applied them or were using older Windows systems that were past their end-of-life. These patches are imperative to an organization’s cyber-security, but many were not applied because of the need for 24/7 operation, the risk of breaking applications that used to work, inconvenience, or other reasons.


Defense:

A Kaspersky Lab study reported, however, that less than 0.1 percent of the affected computers were running Windows XP, and that 98 percent of the affected computers were running Windows 7.

The attack was halted within a few days of its discovery due to emergency patches released by Microsoft. Although Microsoft quickly issued a patch for WannaCry, not every organization could roll it out quickly enough. In fact, some customers were using a version of Windows so outdated that the patch couldn’t even be applied. Another breakthrough that saved millions of devices was the discovery of a kill switch by Marcus Hutchins that prevented infected computers from spreading WannaCry further. The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars. Security experts believed from preliminary evaluation of the worm that the attack originated from North Korea or agencies working for the country. In December 2017, the US and UK formally asserted that the attack was from North Korea.

After Effects

A new variant of WannaCry forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip-fabrication factories in August 2018. The virus spread to 10,000 machines in TSMC’s most advanced facilities.
