The WannaCry ransomware is arguably one of the biggest cyber attacks in modern history.
According to a report by The Verge, European authorities have revealed that the ransomware has affected more than 200,000 individuals and 10,000 organisations in over 150 countries.First discovered last Friday, the WannaCry ransomware brought several large organisations down to their knees. England’s National Health Service was badly affected as sixteen hospitals around the UK were forced to shut down because of the virus.
Automobile maker Renault was also forced to shut down several factories in France as "proactive measure".
Due to the scale of the attack, Microsoft reportedly released updates for all older unsupported operating systems from Windows XP onwards, but experts warned that it might not be enough as a second wave of attacks is reportedly on the horizon.
WHAT IS THIS 'WANNACRY' RANSOMWARE?
Already with 200,000 reports of the attack since Friday, the scale of this global cyberattack is not yet fully known as the ransomware is still spreading as we speak. Named WannaCry, the ransomware targets computers running Microsoft Windows, encrypting their data demanding a ransom of US$300 (RM1,300) to US$600 (RM2,600) worth of Bitcoins to regain access.
When the victim’s computer is hit by the ransomware, file extensions of programs are changed to .WNCRY, a window pops up with a countdown timer showing when users’ files will be lost and a deadline for an increased ransom price.
Though India was hit worse, clocking in 60% of all affected computers in the world, but it is the UK that suffered the worst disruption from this attack. WannaCry brought hospitals to its knees by causing them to lose access to patient data. Operations cancelled, X-rays, test results and patient records were encrypted and phones did not work.
According to a report by The Guardian, the hackers have reportedly raised more than US$20,000 in ransom.
WHO IS RESPONSIBLE FOR THE ATTACK?
Like investigating a hypothetical zombie apocalypse, let’s visit ground zero. There are two key players to this whole incident: The Shadow Brokers (TSB) and National Security Agency (NSA). TSB is a hacker group that made themselves public in the Summer of 2016 with a clear purpose and objective, only to release NSA’s hacking tools and exploits.
However, the real identity of the people involved in the attack are still unknown. The Independent UK reported that investigators are now working around the clock to hunt down those responsible for the attack.
WHEN DID THIS ATTACK START?
So when TSB released an exploit called Eternal Blue last April, it rang a few alarms as it could potentially infect thousands, if not millions of PCs, as fast as wildfire. Immediately, Microsoft Windows released a patch but like most other updates, users do not install them rendering their machines vulnerable.
When WannaCry reared its ugly head last Friday, it exploited machines almost the exact same way how Eternal Blue was designed to. WannaCry targets Microsoft Windows’ vulnerability, also known as MS17-010, encrypted data and demanding a ransom.
For security experts, it is obvious that WannaCry is just a more powerful and virulent infection, an evolution if you’d like, to Eternal Blue.
HOW DOES THE RANSOMWARE WORK?
The infection of the ransomware is initially believed to be by (passive) spam emails containing lures like job offers, fake invoices with an attached .zip files sent to mass emails around the globe. Now, however, the infection is believed to spread via a direct (active) method - by directly injecting the ransomware into the victim’s computer.
Dubbed the ‘WMD of Ransomwares’ by CrowdStrike's vice president of intelligence Adam Meyers, WannaCry is scanning the entire internet for vulnerable and unpatched machines then infecting it directly.
On Saturday, the spread of the infection was halted by an expert who goes by the name of MalwareTech who registered a garbled domain name hidden in the malware. With hundreds of thousands of zombie PCs out there, experts are actively looking for a cure to remedy affected machines.
On Sunday, multiple security researchers have claimed that WannaCry 2.0 are out in the wild, this time without the 'kill-switch' domain connect function, and infecting more computers worldwide.
HOW DO I PROTECT MYSELF FROM WANNACRY?
Besides not clicking suspicious links and opening dubious emails, make sure to update your computers NOW.
So, how do you get rid of WannaCry if your computer is infected? Manually scrubbing malware is an arduous and almost an impossible task and you’d be better off wiping your hard disk clean or changing your hard disk entirely.
Other than that, there's nothing much you can really do.
The primary strategy to tackling this malicious software is probably by identifying the ‘mothership’ or the ‘command and control’ servers from which the malware is being run. Once identified, control would be seized and encryption keys to be released to the public. Another solution, though unlikely, is for the culprits to turn themselves in.
WILL THERE BE ANOTHER ATTACK?
Experts believe that this is just the first wave to cyber-attacks and there will be more to come in the near future. Are governments, agencies and corporations ready today?
Cybersecurity firms believe that not enough effort is done by governments around the world to build their cyber-soldiers. Conventional warfare such as deploying troops into areas of conflicts are irrelevant in this digital age.
Could this truly truly be the age of keyboard warriors?