In a recent worldwide cyber attack, a ransomware program that goes by the name WannaCry has managed to infect computers all over the world. Reports claim that 99 countries were affected by WannaCry, including China and Russia. Among the severely affected were the UK’s National Health Service (NHS) and Spain’s Telefonica, along with a number of businesses around the world. According to the BBC, about 40 NHS organisations were impacted by the ransomware, causing hospitals to be closed down and operations to be canceled. Even our neighboring country, India, looks to have taken a hit. However, there seem to be no reports of WannaCry incidents from Sri Lanka so far.
What Does WannaCry Do Exactly And How Did This Happen?
As you would expect with ransomware, the victim’s computer files are locked and encrypted. The only way to regain access is to pay the ransom demanded, after which you would be able to decrypt the encrypted files. With WannaCry, the demand is $300 in bitcoin. Once a computer is affected, a pop-up window appears with instructions on how to make the payment. This pop-up also features 2 clocks. One clock displays the 3 day deadline to pay the ransom. Once that deadline is reached, the amount demanded doubles. The second clock shows a deadline after which the victim would lose their data forever.
Usually, ransomware relies on humans to get into computers. However, it looks like WannaCry is spreading via a worm, which essentially spreads by itself between computers within a network.
It is believed that a group of hackers calling themselves ShadowBrokers is behind the attack. The attack seems to use an exploit for a Windows software vulnerability. Dubbed ETERNALBLUE, the exploit was developed by the National Security Agency (NSA). The same group had released this exploit last month, along with a collection of spy tools which were allegedly used by the NSA. Although Microsoft had already patched this vulnerability, it looks like those affected were ones that hadn’t updated their software to get this fix.
WannaCry Kill Switch: An Accident Might Have Saved You
Following the massive crisis, a malware analysis expert who goes by MalwareTech examined WannaCry. What he accidentally found was a kill switch that stopped the ransomware from spreading further. Unfortunately, this did not help any of the already affected systems, and the relief is only temporary. MalwareTech’s solution may have slowed down the ransomware, but this does not mean WannaCry is gone. In fact, all that’s needed is for the attackers to change the code and start again.
It’s very important everyone understands that all they need to do is change some code and start again. Patch your systems now! https://t.co/L4GIPLGKEs
— MalwareTech (@MalwareTechBlog) May 13, 2017
Should I Be Worried? What Should I Do?
Most of us use the internet on a daily basis, so ransomware of this magnitude should obviously be of serious concern to all of us. Microsoft even rolled out an update to its older operating systems such as Windows Server 2003, Windows XP and Windows 8, despite the fact that the company no longer provides mainstream support for them. Thankfully, people are already working on a permanent fix for the issue. But does this mean you have nothing to worry about? Not quite. Here are a few things you should do to keep yourself safe from these types of harmful attacks.
- Keep your operating systems updated. Yes, this can be annoying sometimes, but it’s absolutely vital (as we’ve clearly seen).
- Always keep your anti-virus program and other software up to date.
- Maintain a regular backup of your important files. For instance, you could get an external hard drive and keep a copy of your files on it.
- Have a pop-up blocker running on your web browser.
- Most importantly, DO NOT click links, attachments or emails from people you don’t know. This is true for a lot of cyber attacks, not only ransomware.
As far as we know, WannaCry hasn’t made it to Sri Lanka. Let’s hope the situation remains the same. There are also rumors of WannaCry 2.0, a new version of the ransomware without the kill switch. However, there’s nothing official on this as of yet. We’ll be sure to update this post should anything come up. Until then, stay safe.
As of now, the number of affected victims has risen to around 200,000 in at least 150 countries. WannaCry 2.0 may now be a little more than just a rumor. According to The Hacker News, Costin Raiu from the global research and analysis team at Kaspersky Labs confirmed having seen WannaCry samples without the kill switch. So unless the vulnerable systems are patched, chances are this might make another round, and this time the damage might be more serious.