The WannaCry Outbreak
The WannaCry attack happened soon after the USA’s National Security Agency discovered a vulnerability in Microsoft’s software; the exploit for it is called EternalBlue. This exploit was leaked by the hacker group “The Shadow Brokers” in April 2017.
Even though Microsoft was able to patch the vulnerability for Windows systems, many organizations failed to update their existing systems or delayed installing the patch because it would negatively impact their legacy systems.
The WannaCry ransomware used EternalBlue against the vulnerability to break into multiple Windows systems, in what was called one of the biggest cyberattacks so far. The damage from WannaCry stood at approximately $4 billion, as estimated by Cyence, the cyber risk modeling company.
How was WannaCry stopped?
The WannaCry attackers used a ‘kill switch’ technique to determine whether or not the attack and encryption should be carried out on the targeted system. The ransomware’s first step was to check for the presence of a live web page at a hard-coded domain.
The logic was that if the attempt to access the kill-switch domain did not return a live page, the attack and the encryption would be executed. However, once the domain was registered and a web page was posted on it, the kill switch was activated and the spread of WannaCry could be stopped.
Marcus Hutchins, a British security researcher, identified this and successfully stopped the spread of the infection.
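The kill-switch check described above also leaves a trace defenders can use: any host that looks up the kill-switch domain is a suspected infection, and a failed lookup means the check did not find a live page. The following Python is an added example, not code from the original post; the domain `killswitch.example` is a placeholder (the page does not name the real one), the log format and sample lines are constructed, and a successful DNS answer is assumed to stand in for "live page".

```python
# Added example: triage resolver logs for lookups of the kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch.example"  # placeholder, not the real domain

# Constructed sample log, one query per line: <time> <client_ip> <qname> <rcode>
SAMPLE_LOG = """\
2017-05-13T08:01:12Z 10.0.4.17 www.example.org. NOERROR
2017-05-13T08:01:15Z 10.0.4.23 KillSwitch.example. NXDOMAIN
2017-05-13T08:02:40Z 10.0.4.23 killswitch.example. NOERROR
2017-05-13T08:03:02Z 10.0.7.9 killswitch.example. REFUSED
2017-05-13T08:03:05Z 10.0.7.9 sub.killswitch.example. NOERROR
malformed line
2017-05-13T08:04:00Z 10.0.9.1 killswitch.example NOERROR
"""


def normalize(qname):
    """Lower-case a DNS name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried `domain` to its lookup count and status.

    status is "check-failed" if any lookup did not return NOERROR (the
    kill-switch check would not have found a live page, so encryption may
    have run) and "check-answered" otherwise.
    """
    domain = normalize(domain)
    hosts = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # ignore malformed lines instead of crashing mid-triage
        _time, client, qname, rcode = fields
        if normalize(qname) != domain:
            continue  # exact match only; subdomains are a different name
        entry = hosts.setdefault(client, {"lookups": 0, "failed": 0})
        entry["lookups"] += 1
        if rcode.upper() != "NOERROR":
            entry["failed"] += 1
    for entry in hosts.values():
        entry["status"] = "check-failed" if entry["failed"] else "check-answered"
    return hosts


if __name__ == "__main__":
    for client, info in sorted(triage(SAMPLE_LOG).items()):
        print(client, info["status"], f'{info["lookups"]} lookup(s)')
```

Because the attack proceeds when the check fails, filtering or blocking the kill-switch domain on your own network works against you; the `check-failed` hosts are the ones to isolate first.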
What is WannaCry ransomware?
WannaCry is crypto-ransomware used by cyber attackers to extort money in the form of bitcoins. Targeting computers running Microsoft Windows, WannaCry takes data hostage and offers to return it if a ransom is paid. The files and folders are encrypted so that users are unable to access or read them. In some cases, the user might also be locked out of the computer by the WannaCry attackers.
How does WannaCry ransomware work?
WannaCry is a type of encryption ransomware: once it infects a computer system, it encrypts the data on it. It propagates as a worm and can spread automatically without the user’s participation.
WannaCry then displays a ransom note asking the user to pay an amount (the ransom) ranging from $300 to $600 within the stipulated time, or else the files will be deleted permanently. The payment is taken in Bitcoins, and in case there is a delay, the WannaCry attackers might threaten to double the ransom amount.
Origin of WannaCry
It is still not clear where WannaCry originated. However, cyber security experts suspect that WannaCry traces back to North Korea and its hacker arm, ‘the Lazarus Group’. This came after cyber security experts, in a joint collaboration with the FBI, cracked a hidden clue in the background of the WannaCry code.
Now the question arises of how to identify whether your system has been compromised and affected by WannaCry. Unlike other threats that hide in your system, WannaCry can be recognized immediately. If you see a giant screen popping up demanding ransom and notifying you that all your files are encrypted, you must know it is WannaCry.
How to mitigate WannaCry?
Even though Marcus Hutchins was able to slow down the WannaCry attacks by discovering the hard-coded URL and setting up a site there, WannaCry continues to be active even today. Experts recommend knowing Big Data to curb the damage caused by such cyber attacks. However, below are a few defenses against WannaCry:
- Keeping systems up to date – Regularly updating the Windows operating system and the security software is recommended. Even though Microsoft patched the EternalBlue vulnerability, millions of computer systems were still impacted by WannaCry because their software was not updated. Most cyber attacks can be stopped by simply keeping the software updated.
- 2 Factor Authentication – 2FA protection and updated passwords are also among the ways to prevent the WannaCry attack. 2FA includes absolutely personal questions related to the user that only he/she can answer. In some advanced cases, this type of authentication can include biometric authentication too.
- Data Back-up – Creating back-ups of the files on an external hard drive ensures the safety of your files and folders from the WannaCry ransomware. If your system gets infected by the ransomware, just remove it and restore the system to its original state.
Hence, creating a backup is highly recommended to curb the impact of WannaCry, along with not paying the ransom.
One point that needs to be noted here is that routinely connecting external hard drives to the system should be avoided. If the system is attacked by WannaCry or any other ransomware, the hard drive will also be exposed to the risk of attack.
- OneDrive – Usage of OneDrive is recommended for organizations and consumers. Cyber security experts suggest this to lower the risk of all systems getting infected and to protect the files and folders of organizations and individuals.
- File History – Enable File History on your system and set up a drive for it.
- Internet Network Security – A safe and password-protected internet connection can go a long way in protecting your systems from WannaCry ransomware.
- Infected Websites – Beware of WannaCry-infected websites. Avoid visiting such websites, as malvertising and infected ads always await there. It is recommended to check the safety level of such websites, especially when shopping or streaming.
- VPN – Using a VPN (Virtual Private Network) while on a public Wi-Fi network is highly recommended, as using public Wi-Fi exposes your system to any kind of attack.
How to check WannaCry vulnerability?
As per the official communication by Microsoft, systems running older versions of Windows, which are no longer supported by Microsoft, can be vulnerable to WannaCry.
However, if you are using Windows 10, Vista, Windows 7, or Windows 8, etc., you might remain protected from WannaCry as long as automatic system updates are enabled.
Your systems might also be vulnerable to the WannaCry ransomware if they are part of a network that has been infected by WannaCry.
Is WannaCry still a threat?
Research shows that the WannaCry ransomware is not dead yet. It continues to haunt users across the world. Unpatched and unprotected systems are still under immense threat from the WannaCry ransomware. More sophisticated versions of WannaCry have been reported over the last few years, since the initial attack in 2017.
Many suspect that the attack suffered by Boeing in 2018 was a possible WannaCry ransomware attack. Though the giant was able to recover its systems promptly, its operations were hit severely.
With more and more unpatched Windows systems still out there, WannaCry attacks are expected to increase further, as it exploits the same vulnerabilities.
Today, due to the incessant move towards digitization of our lives, WannaCry is a grim reminder of all the things that can suddenly go wrong, bringing our world to a grinding halt. In view of this, it is imperative for each of us to act against such malicious entities in order to secure our data, networks, and systems through the right and timely deterrent systems.