One Bitcoin Ransomware attack on a global scale has literally lived up to its name “WannaCry.” The ransomware which is said to have compromised systems in more than 78 countries, including few vital networks like the ones belonging to UK’s NHS has received worldwide coverage. Based on the available reports, the ransomware worm also known as WannaCrypt, WanaCrypt or WCry targeted vulnerable computers running on Microsoft Windows and the person(s) behind the attack are demanding anywhere between $300 to $600 in Bitcoin per computer to provide the decryption key.
While the demand for Bitcoin ransom has got the mainstream media’s attention, adding fuel to the anti-Bitcoin commentary of the individuals and organizations, WannaCry has a much darker past. Analysis of the ransomware has shown that WannaCry spread itself throughout the network of vulnerable machines by exploiting a bug labeled “MS17-010” which was supposedly exploited by the US Government agency, NSA as well. The spy agency also had a tool codenamed “Eternalblue” which was exposed by ShadowBrokers earlier this year along with a much larger data dump of “stolen” cyberarsenal belonging to the agency.
The modus operandi of WannaCrypt involves infecting the vulnerable computers through the SMB (Server Message Block), a message format used by DOS and Windows to share files, directories, and devices. Once infected, the worm encrypts almost all the files on the compromised computer and installs a Doublepulsar backdoor. The backdoor hands over remote control capabilities to the ransomware’s creator.
After detecting the bug, Microsoft had issued necessary software patches to the computers running currently supported OS versions. However, devices running on now obsolete Windows XP, Windows 8 and Windows Server 2003 missed out on these updates and became targets to WannaCry’s onslaught. Considering the severity of the situation, Microsoft in an unprecedented move pushed emergency updates to the operating systems which are no longer eligible for official support.
A 22-year-old security researcher who runs Malware Tech Blog dissected the code to discover a kill switch, by accident. He proceeded to register an unregistered domain which proved to be a sinkhole that prevented the ransomware from spreading further. The domain registration and subsequent successful connections to the domain triggered a hidden condition within the ransomware code which prevented its spread.
While the WannaCry ransomware has been contained, it still opens up a huge question about the irresponsible and virtually unprotected nature of IT infrastructure in the public sector. NHS and numerous other networks, vital to the functioning of a country are riddled with systems running outdated software, making them vulnerable to attacks.
It is time the governments, banks and financial institutions woke up to the reality and ensured their infrastructure is up to date before pointing fingers at cryptocurrency community or other actors.
In precisely five days, the September fiat settled bitcoin futures contract at CME expires.Yes, another month is nearly over, so… Read More
The “Big Four” auditing firm, Deloitte’s Luxembourg unit is working on letting its employees pay for lunch using cryptocurrency, especially… Read More
Patrick Byrne , the former chief executive of Overstock.com who sent shockwaves through the blockchain community not too long ago… Read More
Bit Farms, a cryptocurrency mining company stationed in Canada , has bought more than 2,000 new A10 Avalon mining machines… Read More
In addition to economic data, the stock market anticipates comments from dovish St. Louis Fed President James Bullard this week.… Read More
Digital assurance: The "Killer app of Blockchain" according to VeChain According to Sunny Lu, the co-founder, and CEO of VeChain,… Read More