WannaCry: The Ransomware Attack That Made The Cyber World Cry
by Nimisha Paul
WannaCry Ransomware Attack: The Global Threat
WannaCry is the most trending topic this week. Wherever you go, this is all you hear about, and it's all over the news. If you have not fully figured out what WannaCry is all about, read along to gain an insight. WannaCry is a ransomware virus that hackers have unleashed to attack computers across the globe. Not sure what ransomware means? As the name suggests, ransomware attacks are virus attacks that block some or all of the data on a user’s computer and demand a ransom for returning it. Now the cyber world has taken a massive hit as hackers have unleashed a massive ransomware attack on computers all over the world. By current estimates, more than 230,000 computers have been infected across 150 nations. The attack came into the limelight from Friday, 12 May 2017 onwards, and the European Union Agency for Law Enforcement Cooperation describes it as “unprecedented in scale!”
As the attack spreads from country to country, users, companies, and the authorities are searching for ways to stop this devastating run by the hackers. Let’s dig into what’s going on now, some history, and how to keep yourself out of the clutches of this powerful cyber attack.
Ransomware Attack: More Than Just a Virus Infection
It’s common knowledge that there are different types of computer viruses, and that each differs from the others in purpose, damage caused, targeted users and so on. Unlike most of its counterparts, a ransomware attack uses the typical criminal blackmail technique to earn money. It encrypts the data on the user’s system and blocks access to it. Typically, a message is left for the user demanding a payment to unlock the files. The threat made is usually that the data will be permanently deleted if the ransom is not paid within the specified time period.
A ransomware attack can be large or small depending upon the capacity of the hackers and what they need. A small ransomware attack is not so hard to reverse for people who have some technical knowledge. But more advanced ransomware attacks are extremely hard to sort out. Attacks of this kind may sometimes encrypt the computer’s Master File Table (a database which stores information about every file and directory on an NTFS file system).
How does Ransomware Work?
Ransomware attacks are technically termed Cryptoviral Extortion. The process that this malware carries out may be a bit complicated for those who are not familiar with technical terms in cryptography. Excluding the details of how the encryption is done, the process can be simply explained in three steps.
- The virus is injected into the user’s system (a variety of methods may be used for this, such as a downloaded file or a vulnerability in a network).
- A message is displayed to the user on how to pay the ransom amount.
- The payment is received by the hackers and they either send a code (key) to unlock the encrypted files or a program that can unlock the files.
The WannaCry Ransomware Attack and the Current Scenario
Also known by the names WannaCrypt and WanaCryptor 2.0, the WannaCry ransomware attack is one of the biggest virus attacks of recent times. The attack mostly came through malicious phishing e-mails, but WannaCry also has the capacity to get into networks that aren’t secure and infect systems directly.
The attack was mainly on Windows-based systems. Those mainly affected were the ones using outdated operating systems such as Windows XP and Windows Server 2003. Microsoft has now released a critical patch to protect systems from infection. Once a system is infected, the WannaCry software demands that the user pay a ransom of $300 in bitcoin. If the payment is not made within three days, the hackers double their demand to $600. The threat made by WannaCry is that if the payment is not made within 7 days of infection, the files will be deleted permanently and lost forever. As this attack was planned on a global scale, the message displayed by the virus is available in multiple languages. It also displays a countdown showing the time remaining to make the payment. The list of file formats that are affected is lengthy and includes all commonly used photo, video, document and database formats.
WannaCry Virus Warning
Almost $57,282.23 has been made so far by the hackers in the form of ransom amount. The payments have been coming in from around the world. According to statistics available, the major share of this payment came from Europe, Russia, Korea, and Taiwan. It is also known that a relatively huge sum was paid by a source from Russia which is thought to be a business group. The payments via Bitcoin have substantially increased over the past week.
Those that suffered the major blow include large business firms, government organizations, and other popular organizations. This includes FedEx, Nissan, Renault, MegaFon, Hitachi, Vivo, hospitals and government organizations across the globe.
Experts say that the chances of recovering the files if the ransom is paid are minimal. The payment does not automatically reverse the encryption on the files. The spread of this ransomware attack has slowed down, but the situation is still not under total control. A young security researcher was able to slow down the attack accidentally as he attempted to trace its extent. Experts from across the world are trying all they can to prevent the spread of this harmful ransomware attack.
Ransomware Attack: Not a New Threat
With the arrival of the WannaCry virus, ransomware attacks have become a trending topic for discussion. But this is not an entirely new kind of threat, even though an attack on the scale of the current one was not much anticipated. Ransomware attacks have been around for a long time. In fact, the first attack of its kind dates back to 1989, when a virus called AIDS Trojan was designed by Joseph Popp. The virus encrypted the file names only and hid them on the hard drive. It then displayed a message suggesting that the license period for certain software had expired. The users were asked to make a payment to obtain the repair tool. There was a serious flaw in this virus: it was possible to extract the key to decrypt the files from the code of the virus itself. Ransomware attacks were further enhanced using the possibilities of cryptography, and significant attacks using new variants came in the years after 1996.
More recent attacks include Reveton, a virus that began to spread in 2012. It threatened users by displaying a warning that looked like one from a law enforcement agency. The warning claimed that the computer had been used for illegal purposes and had therefore been locked. It told users to pay a fine to unlock the system. Because of its nature, this ransomware attack was called Police Trojan.
CryptoLocker is another ransomware attack that was in the news. This virus started affecting systems in 2013 and was an encrypting ransomware attack. It threatened to delete the users’ encrypted data if the payment was not made within a specific time. Approximately $3 million was collected before the spread of the virus was brought under control.
In the year 2014, another ransomware attack called CryptoWall stormed the cyber world. CryptoWall used malicious advertisements to inject the infected files into the user’s system. $18 million is estimated to have been lost due to this attack. A more recent version of CryptoWall came into the limelight; it had capabilities to avoid being detected by antivirus software and could encrypt the file names as well.
Fusob is a mobile ransomware attack. The trick used by the hackers behind this virus is to make the user believe that it is an accusatory authority and scare the user into paying a ransom of $100 to $200. The virus was incorporated into a pornographic video player, so the user accidentally falls victim to the infection. The interesting fact is that, once a device is infected, the Fusob virus first checks the language of the system. It does not encrypt and lock the files if the language is Russian or one of certain European languages. For systems using other languages, the virus locks the files and demands that a ransom be paid.
How to Defend Against a WannaCry Ransomware Attack?
Prevention is always better than cure. Avoid clicking suspicious links and opening emails from untrusted sources. Never open attachments with suspicious file formats, even if they come from someone or some firm that you are familiar with.
Increase the security of your networks as WannaCry has the capability to attack a system directly through a weakly protected network.
Windows XP, Windows Server 2003 and other unsupported Windows editions are particularly vulnerable. Users of these operating systems must be highly cautious. A new patch has been released by Microsoft to protect against the ransomware attack. Downloading this patch will help prevent the attack to a certain extent.
Install Windows updates irrespective of the version you are using. This will help you become less vulnerable to WannaCry ransomware attacks.
It’s wise to back up your files and store them in a secure location. The ransomware attack can only lock the data available on the particular computer where it’s present. Making use of cloud storage is a good idea if you feel concerned about the protection of the files on your computer. Keeping a backup will be vitally helpful in case you come under attack in the future.
For the time being, it’s better to avoid online money transactions or using ATMs as far as possible until the situation is under control. The RBI has asked banks in India to apply the new patch for the Windows versions used in ATMs to prevent the virus attack. It is to be noted that approximately 60% of all ATMs in India run on outdated Windows XP.
Install anti-ransomware programs that are available for download. Such software has better capabilities to defend against ransomware attacks than your antivirus software.
If you are among the unlucky group that has already been affected, it’s wise to restrain yourself from paying the ransom. According to the information available so far, paying the ransom will not let you reclaim the data.
The time has come when we see crimes from the outside world literally mirrored in the online arena. The WannaCry ransomware attack is yet another example of this. Now everything is moving online, and crimes are no different. The mode of blackmail used here is simply a copy of kidnapping in the real world. In these times, when sensitive data is valued so much, it’s obvious that the victims of the crime will pay any amount of money to get back the ‘data that have been kidnapped’. Hackers will make use of this weakness more and more in the times to come. Just as the authorities take strict action to prevent real-world crimes, so should they act to prevent online crimes. Remember, any piece of information a person has on his computer is something he owns, and stealing that information is equal to stealing any of his real belongings. It’s good to see that there is an increased awareness of the need for online security. It’s good to see corporates and governments trying their best to prevent these crimes. But for the common man, there is a need for an increased sense of the value of the data he or she stores on a computer. Everyone will take extensive measures to prevent a thief from breaking into the house and stealing their belongings. But do we regard digital belongings with the same value? However small or insignificant the data you store on your computer may be, it belongs to you, and no one else has the right to access that data or prevent you from accessing it. Each individual should consider it their duty to do all they can to secure their system and prevent these kinds of crimes. Let the latest ransomware attack be a lesson for all of us, and let’s do whatever we can to make the cyber world safer in the future.
March 17, 2017