After three years, still, the mark WannaCry ransomware left in the cybersecurity and Microsoft users is unforgettable. WannaCry ransomware is a dangerous ransomware attack in existence. Do you want to know more about it? Kindly follow the article.
What is WannaCry Ransomware?
WannaCry is a type of Ransomware worm that affected many corporate and spread across Microsoft users in May 2017. Like other Crypto-Ransomware, it takes data hostages and demands a large sum of ransoms in cryptocurrencies like Bitcoin.
Ransomware is malware that enters the computer and gets full access to the affected system. It demands a ransom from the user to let the system work again. The ransom can be in the money and other forms.
When the ransomware encrypts the data in the PC and demands a ransom to release them, it is called Crypto-ransomware. WannaCry is one of them. The literal meaning of the word WannaCry is – “Want to decrypt?” In the case of WannaCry ransomware, attackers demanded $300 – $600 as ransom in the form of Bitcoin.
History of WannaCry Attack
The first evidence of the ransomware attack was found in Asia on Friday, 12 May 2017. The ransomware infection spread rapidly between the networks of computers through Eternal Blue an exposed Vulnerability of Microsoft window. Within the day, the infection spread to more than 2, 30,000 computers in over 150 countries.
Fortunately, Microsoft has already released a security patch for the Eternal Blue Exploit one month before the attack. Thus only those who didn’t update to the Microsoft new patch were affected by this attack. The attack was halted in the next four days by the cybersecurity peoples through new patches and the discovery of the kill switch.
There were more than 3,00,000 infected computers and 2,00,000 victims. Many nations asserted North Korea or the agencies working for the country as the one behind the attack. But still today, the suspect remains anonymous and not arrested.
Related : Network Vulnerabilities and the OSI Model
What is Eternal Blue Exploit?
Eternal Blue is a Cyber Vulnerability in the implementation of Server Message Block (SMB) of Microsoft Windows found by the U.S. National Security Agency (NSA). Instead of reporting, they used it for their offensive purpose. Then, it was stolen and released by the mysterious hacker group named the shadow Brokers.
How does it Work?
The hackers induce the WannaCry code through the Eternal Blue exploit. During the attack, the shadow brokers released a backdoor tool – Double Pulsar. It is a tool that helps to bypass the normal authentication and encryption of the computers.
The WannaCry takes advantage of the already installed Double Pulsar or installs it, to access the information and grasp the control of the system. An interesting character about it is, it doesn’t reveal itself once it entered the computer. It dives deep inside to find the URL (so-called “kill Switch”). Experts are unsure about the reason behind this function.
If it cannot find it, then it starts to encrypt all the files on the computer. The files can be in any format (Microsoft files, Mp3, Mkv). When the user tries to access the file, it displays a ransom notice demanding $300 to $600 to release or regain the files.
Do WannaCry attacks still exist?
Marcus Hutchins, the British Cybersecurity expert discovered the code’s search for the URL. His discovery of the kill switch reduced the spread of ransomware but didn’t stop it. On the other side, the patch for Eternal Blue exploit was released by the Microsoft team. These two factors brought the attack to end.
However, in recent times we are facing a new variant of the Eternal Blue Exploit. In 2018, a new variant of WannaCry attacked the Taiwan Semiconductor Manufacturing Company (TSMC) forcing it to shut down its business. In that year, Boeing experienced the same. However, they were able to recover fast due to the availability of security patches.
How to prevent yourself?
As the WannCry make use of the same exploit, it shows there are still more computers that remain not patched. Though the WannCry targets only the windows, it is better to take the following prevention measures in all your electronic gadgets including phones, androids, and tablets.
- Keep your systems updated to the new version released by the vendor.
- Backup all your information, as the instance of getting back the data after the ransom is very low.
- Update all your security software to face the recent threats.