Held to Ransom by WannaCry


Literally, pay up if you want your files back!

  • Affects older versions of Windows operating system
  • Pay US$300-US$600 or risk file deletion
  • Temporarily halted, attack expected to resume
  • Download Microsoft patches for free

Since the WanaCrypt0r 2.0 ransomware global attack last Friday, experts have been working round the clock to identify who is behind the latest attack, said to be ‘unique’ and ‘indiscriminate’, and targeted at the older Windows operating systems. Here’s what we know so far about the malicious virus.

Worldwide Ransomware Attack

This ransomware uses a piece of malicious software called ‘WanaCrypt0r 2.0’ or WannaCry that exploits a vulnerability or flaw in the older versions of the Windows operating system – in particular, Windows XP, Windows 8 and Windows Server 2003, which receive special custom support only.

For those in the dark, ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data.

Experts said the malware appears to support dozens of languages – an obvious sign that the hackers intended it to be a global attack.

According to researchers at the Moscow-based computer security firm Kaspersky Lab, the virus spreads swiftly using a digital code believed to have been developed by the US National Security Agency and subsequently leaked as part of a document dump.

Europol chief Rob Wainwright said the attack was unique because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.

The Attackers

So far, there are no reports of who is the culprit behind this latest attack, though experts say it’s unlikely to be the work of one person as criminal-minded syndicates nowadays use much more sophisticated encryption to mask their activities.

The Ransom

A demand of US$300 (£230) in Bitcoin was made by the attackers for the release of the victim’s files. According to the screen message, payment must be made within three days, failing which the price is doubled. If no money is paid within seven days, all the user’s files would be deleted.

Experts believed that only around US$20,000 was collected by the hackers.

Experts have advised victims not to pay up, as it would only encourage the attackers. Also, there is no guarantee files will be unblocked, which could lead to more serious repercussions such as access to the user’s sensitive information, including bank records and so forth.

The Victims

Wainwright said more than 200,000 computers in over 150 countries have been affected by WannaCry since its first attacks on Friday last week.

Amongst the high-profile victims were hospitals in Britain, Spanish telecom giant Telefonica, French carmaker Renault, American package delivery company FedEx, Russia’s interior ministry and German rail

According to the latest reports today, South Korea said just nine cases of ransomware had been found. Australian officials said three small-to-medium sized businesses had reported being locked out of their systems. New Zealand’s ministry of business said a small number of unconfirmed incidents were being investigated.

Accidental Hero Inadvertently Stopped Attack – For Now

The spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a ‘kill switch’ in the malicious software – after registering a domain name to track the spread of the virus, which actually ended up halting it.

Identified only as MalwareTech, the unnamed researcher is a 22-year-old from south-west England working for Kryptos Logic, an LA-based threat intelligence company.

Whilst the current attack has been halted, for now, MalwareTech warned: “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.”

Wake-Up Call

Meanwhile, Microsoft president Brad Smith has warned that “governments of the world should treat this attack as a wake-up call”.

Smith said, “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”

Protect Your Computers Against Malware 

Meanwhile, Microsoft has taken what it describes as a “highly unusual” step to provide public patches – for free – for their older Windows operating systems; previously users had to pay a fee for them.

Windows users can now download security updates for Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, and Windows 8 x64.

Kaspersky is said to be working on a decryption tool “as soon as possible”.

Ciaran Martin, CEO of the National Cyber Security Centre, said that in order to protect against an attack like WannaCry, organisations should “make sure your security software patches are up to date” and “make sure that you are running proper anti-virus software”.