All you need to know about the WannaCry hack and how to protect yourself from it
On Friday, hackers—who may not be caught for months, if at all—stole malicious software from the National Security Agency’s
kitty of cyberweapons and used it not only against their own citizens
but also against entities around the world: governments,
hospitals, businesses (FedEx in the United States, Telefónica in
Spain and MegaFon, a telecom major in Russia) and, of course, end users.
According to Kaspersky Lab, the worst-affected amongst the 150 countries
were Russia, Ukraine, India, and Taiwan. It is said to have spread to
2,30,000 systems.
Here is all you need to know about the attack that is being called the atom bomb of cybercrimes.
1. How it works
They used something known as ‘Wanna Decryptor’—a variant of the WannaCry ransomware—which
encrypts data, locks users out of their systems, and demands a ransom to
release it. It was circulated via an ordinary phishing email from a
supposedly official source, with an infected attachment. It then used a
worm to spread rapidly to every computer on any network that had even
one compromised machine, using a hacking method the NSA
allegedly developed as a cyberweapon. The result? Complete encryption
of users’ data, with the unlock key offered for a ransom of around $300 in
bitcoin. The perpetrators designed their ransomware so that
the ransom increases at intervals, and it finally threatens to wipe
the data once a fixed deadline passes. The payload is encrypted so that
security systems do not detect the ransomware until an employee
opens it, by which time it is too late.
2. Impact on the UK
As many as 36 British hospitals were locked out of their computer
systems and were threatened that their data—like patient records—would
be wiped out if the ransom demands weren’t met. Even ERs were forced to
turn away people seeking urgent care. Reportedly, employees at Britain’s
National Health Service were warned earlier on Friday, but there wasn’t
enough time to act.
3. Impact on India
Closer to home, police computers across 18 Indian units in Andhra
Pradesh’s Chittoor, Krishna, Guntur, Visakhapatnam, and Srikakulam
districts were affected. Gulshan Rai, chief of cybersecurity, told IndiaToday, “There
are about 100 systems attacked in India and as of now there are no more
threats…We understand systems in Andhra Pradesh are impacted, but so
far our assessment is that there isn’t much impact.”
4. Impact on Russia
Russia’s Interior Ministry claimed that “around 1,000 computers were
infected,” which was less than one percent of their total, they noted,
and that their technicians were able to contain it.
5. The speculated role of the US government
Last summer, a group that went by the name ‘Shadow Brokers’ leaked
software tools from the US government’s collection of hacking weapons
even as the latter denied owning them. And last month, Microsoft was
apparently tipped off about a vulnerability in its earlier builds—like
Windows XP, which many Indian systems still run on. It released a
patch within hours to combat it, but sluggish adoption by users, like
the hospitals in Britain, left them exposed. Many
experts believe that the tip-off—which Microsoft is not revealing the
source of— was in fact, given by the United States government after they
realised that one of their hacking tools, ‘Eternal Blue’, which they
had developed to target a weakness in Windows systems, had been stolen.
6. Microsoft’s reaction
In a highly unusual move, Microsoft released a patch for its older
version—namely Windows XP—in the wake of these attacks, in spite of
having discontinued it over three years ago. Microsoft’s President and
Chief Legal Officer Brad Smith released a statement on their official website saying
that the bulk of the responsibility lay with the US government for not
informing Microsoft about this vulnerability beforehand. He wrote, “This
attack provides yet another example of why the stockpiling of
vulnerabilities by governments is such a problem. This is an emerging
pattern in 2017. We have seen vulnerabilities stored by the CIA show up
on WikiLeaks, and now this vulnerability stolen from the NSA has
affected customers around the world. Repeatedly, exploits in the hands
of governments have leaked into the public domain and caused widespread
damage. An equivalent scenario with conventional weapons would be the US
military having some of its Tomahawk missiles stolen. And this most
recent attack represents a completely unintended but disconcerting link
between the two most serious forms of cybersecurity threats in the world
today—nation-state action and organised criminal action.
“The governments of the world should treat this attack as a wake-up
call. They need to take a different approach and adhere in cyberspace to
the same rules applied to weapons in the physical world. We need
governments to consider the damage to civilians that comes from hoarding
these vulnerabilities and the use of these exploits. This is one reason
we called in February for a new ‘Digital Geneva Convention’ to
govern these issues, including a new requirement for governments to
report vulnerabilities to vendors, rather than stockpile, sell, or
exploit them.”
7. How it was contained
A 22-year-old UK-based researcher who goes by the name of MalwareTech,
while researching WannaCry, noticed that the web domain used by one of
the attackers hadn’t been registered, so he paid the $10.69
registration fee, took over the domain, and started tracking their
activity. A Forbes article explains, “Whoever was behind the
ransomware included a feature designed to detect security tools that
would fake internet access for quarantined PCs by using a single IP
address to respond to any request the computer made. This is a feature
of a ‘sandbox’, where security tools test code in a contained
environment on a PC. When MalwareTech registered his domain to track the
botnet, the same IP address was pinged back to all infected PCs, not
just sandboxed ones.”
“So the malware thought it was in a sandbox and killed itself. Lol,” MalwareTech said to Forbes. “It was meant as an anti-sandbox measure that they didn’t quite think through.”
8. Encore?
After MalwareTech found the ‘kill switch’, fresh speculation has surfaced that WannaCry will strike with a second cyberattack,
and this time, it would not have the kill-switch protocol that was
responsible for curbing the initial attack on Friday. Matt Suiche,
founder of Comae Technologies, claimed to have found two new variants,
which he described on his blog: “One working which I blocked by
registering the new domain name, and the second which is only partially
working because it only spreads and does *not* encrypt files due to a
corrupted archive. A new variant had been caught by @benkow_ and sent to
me for analysis. I reversed it and found a new kill-switch
(ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com) which
I immediately registered to stop the new wave of global attacks. Then, I
synchronised with @MalwareTechBlog and @2sec4u to map the new domain to
sinkhole name servers to feed the live interactive infection map. This
is 32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.
A new variant with no kill-switch caught by Kaspersky. Although this
build does only work *partially* as the ransomware archive is corrupted,
the spreading still works. This is
07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd.”
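The kill-switch behaviour described in sections 7 and 8 hands defenders a cheap detection signal: once the domain is registered, any internal host that looks it up has executed the worm’s check, so the malware exited before encrypting but the host still ran the dropper and is unpatched. As an added example, not from the article or from the researchers it quotes, the script below flags such hosts in constructed DNS resolver log lines using the domain Matt Suiche names; the log format and the IP addresses are assumptions.

```python
"""Flag hosts that queried a WannaCry kill-switch domain (added illustration)."""
import re
from collections import defaultdict

KILL_SWITCH_DOMAINS = {
    # Domain named in Matt Suiche's quote above; add further kill-switch
    # domains here as they are published (the article does not spell out others).
    "ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
}

# Constructed sample of resolver log lines: "<timestamp> <client> query <type> <qname>"
SAMPLE_DNS_LOG = """\
2017-05-14T09:12:01Z 10.0.4.17 query A www.example.com
2017-05-14T09:12:03Z 10.0.4.17 query A ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
2017-05-14T09:12:04Z 10.0.4.22 query A IFFERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM.
2017-05-14T09:12:09Z 10.0.4.22 query A ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
2017-05-14T09:12:10Z 10.0.4.31 query A update.example.org
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+\S+\s+(?P<qname>\S+)$")


def kill_switch_lookups(log_text):
    """Return {client_ip: [timestamps]} for every query to a kill-switch domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the triage run
        # Normalise case and the trailing dot of a fully qualified name.
        qname = m["qname"].rstrip(".").lower()
        if qname in KILL_SWITCH_DOMAINS:
            hits[m["client"]].append(m["ts"])
    return dict(hits)


def triage_report(log_text):
    """Affected hosts as (first_seen, host, query_count), earliest first."""
    hits = kill_switch_lookups(log_text)
    return sorted((min(ts), host, len(ts)) for host, ts in hits.items())


if __name__ == "__main__":
    for first_seen, host, count in triage_report(SAMPLE_DNS_LOG):
        print(f"{first_seen} {host}: {count} kill-switch lookup(s); isolate, patch, scan")
```

Hosts listed here should be isolated and patched even though no files were encrypted, because the lookup proves the worm executed on them.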
9. How to protect yourself
To protect yourself, even if you are not using Windows
XP, make sure your Windows OS is up to date with the latest updates and
security patches. The latest builds of Windows come with Windows
Defender, an antivirus program, built in. XP users, on the other hand,
should ideally upgrade to a newer version, the most recent being
Windows 10. Europol, the EU law-enforcement agency, warns against
clicking links or downloading attachments in emails from any sender one
does not recognise, and advises blocking pop-ups and ads on seemingly
suspicious sites. For Windows 7 users, Microsoft’s Windows Security Essentials software
could provide the necessary protection. If your computer has
already been affected, try downloading an antivirus program on an uninfected
system and transferring it to your system using a CD-ROM or a USB stick. This section on Microsoft.com provides some useful guidelines. Also, back up all your important data on an external hard disk.