Day 30: What is the WannaCry Ransomware Attack?
What is the WannaCry Ransomware Attack?
WannaCry is a crypto-ransomware worm that targets Windows computers. It is a type of malware that can travel from computer to computer across networks and, once inside a computer, encrypt important files. The criminal then demands a ransom payment to unlock those files. The name was taken from code strings found in some of the virus’s earliest samples.
Microsoft released a patch two months before the 2017 outbreak of WannaCry, so the worm could not have affected a system that had the patch installed. For that reason the outbreak was dubbed a “study in preventable catastrophes.”
What is the origin of the WannaCry attack?
WannaCry's origin lies in EternalBlue, the United States National Security Agency’s exploit designed for older Windows systems. A month before the attack, a group known as The Shadow Brokers stole and leaked EternalBlue. The attack started on May 12, 2017, at 07:44 UTC and was stopped at 15:03 UTC by the registration of a kill switch that Marcus Hutchins (also known as MalwareTech) had identified. The kill switch prevented already infected computers from being encrypted and stopped WannaCry from spreading further.
Who was at risk of infection?
According to Europol, the extent of the ransomware campaign was unprecedented, with almost 200,000 systems infected across 150 countries. Russia, Ukraine, India, and Taiwan were the four most severely affected nations, according to Kaspersky Lab.
The National Health Service institutions in England and Scotland were among the main organizations hit by the attack, and it is possible that up to 70,000 devices, including computers, MRI scanners, blood storage refrigerators, and theater equipment, were impacted.
How can it be stopped?
Marcus Hutchins, a cybersecurity expert who collaborated sporadically with the National Cyber Security Centre of the UK, studied the malware and found a “kill switch.” Later, geographically scattered security researchers worked together online to create open source tools that, in some cases, permit decryption without charge.
Removing malware from computers is a difficult and drawn-out process. Given the number of infections in this case, it may already be impossible. Governments and law enforcement organizations will likely try to locate the “command and control” servers that are used to run the virus. If intelligence efforts can locate those servers and take control of them, the encryption keys could be made available to all affected networks. It’s also possible that WannaCry’s developers will hand over the keys themselves, given that the success of the ransomware has overnight elevated them to the top of the list of international targets for the western cyber security sector. Even the toughest organized crime group is likely to be concerned by such visibility.
Lessons from the WannaCry attack?
Organizations of different sizes and in a variety of industries have picked up certain lessons. To reduce the likelihood that ransomware will seriously disrupt their networks, many have upgraded their older operating systems, aggressively patched their systems, better separated unpatched systems behind firewalls, and developed a reliable backup solution.
History is prone to repetition. The next significant ransomware worm could appear at any time. Businesses must be equipped to handle a ransomware assault and make sure their systems can withstand the damage.
Hope you enjoyed this blog post on the WannaCry ransomware. Well, that will be all for the Day 30 post and the end of the 30 days of cyber security and blogging challenge set for myself. 😢
Well, I shall be dropping content from time to time, so be sure to check around often for more content. 😉