A massive malware attack took place on the internet on Friday, 12 May 2017. Within seconds this malware hit around 200,000 computers. Organizations and users in more than 150 countries were attacked, including the UK, Spain, Germany, Russia, Italy, Egypt, Pakistan and India. This nasty software is called WannaCry, and it attacks a vulnerability in the Windows OS. It is a deadly “ransomware” capable of locking your computer and leaving all your files encrypted and inaccessible.
It is said to have originated from the theft of ‘cyber weapons’ linked to the US government. It disabled several hospitals in England and multiplied in no less than 24 hours. Technical staff worked hard to reinstall operating systems and recover the lost data. Few succeeded, while many were left with no hope. Some organizations have already paid the $300 ransom that was demanded to get their data back, because they were left with no realistic solution. The malware is reported to spread via emails, and the ransom message appears in 28 different languages.
Malware named “Shadow Brokers” was leaked in mid-April. It is reported to have been leaked from an archive of NSA software tools meant to control and corrupt Windows computers. The rumored threat that cyber criminals would employ this malware against the public and corrupt many other computers throughout the world became real within a month.
Markus Jakobsson, a scientist at the security firm Agari, stated that the attack was ‘scattershot’ rather than targeted. He added that the attack is very widespread, whereas the ransom is relatively small.
In March, Microsoft released a patch for this flaw, a software update that fixed the problem, yet computers that had not installed the security update remained at risk of the cyber attack. Microsoft gave assurances that its engineers were working on detection of and protection against the WannaCrypt ransomware attack.
A Microsoft spokesperson said, “Today our engineers added detection and protection against new malicious software known as Ransom: Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled are protected. We are working with customers to provide additional assistance.”
It was also reported that the malware reached universities. Organizations that faced the attack included FedEx, Telefonica and the National Health Service.
‘Accidental Hero’ who halted cyber-attack aged 22
However, this ransomware was made idle by an ‘Accidental Hero’. The person behind this is Darien Huss of the security firm Proofpoint, a 22-year-old UK cyber security researcher. He generated a ‘Kill Switch’ in the WannaCry software. The switch is built into the malware and relies on a lengthy, nonsensical domain name to which the malware makes a request. If the request returns and the domain appears to be live, the kill switch shuts the malware down and it does not spread further.
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
— MalwareTech (@MalwareTechBlog) May 13, 2017
The UK researcher spent $10.69 purchasing the domain name and found that it was registering thousands of connections in just seconds. He said that he saw it was not registered and thought that he would have it.
Yet the malware had already affected many parts of Asia and Europe before the domain was registered. The US had enough time to develop immunity against it. It has also been reported that the Kill Switch does not work if the computer has already been affected by the ransomware attack. However, there is a chance that much more malware of this kind will spread in the future. Do not take ransomware lightly; it is best to have an extra layer of security. “What is ransomware and how to prevent it” will surely help you to develop security against any significant damage by ransomware in the future.
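The kill-switch request described above also gives defenders a network signal: any machine that looks up that domain is running the malware and needs cleanup, whether or not the kill switch fired. The following Python sketch is an added example, not code from the researchers or vendors mentioned here; the domain is a placeholder (the article does not give the real one), the log format is constructed, and treating a NOERROR answer as "the domain appears live" is an assumption.

```python
from collections import defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample lines in a hypothetical key=value resolver log format.
SAMPLE_LOG = """\
2017-05-12T08:14:03Z client=10.0.4.17 type=A name=KillSwitch-Placeholder.example. rcode=NXDOMAIN
2017-05-12T08:14:09Z client=10.0.4.22 type=A name=www.example.org. rcode=NOERROR
2017-05-12T15:40:51Z client=10.0.4.17 type=A name=killswitch-placeholder.example. rcode=NOERROR
2017-05-12T15:41:12Z client=10.0.9.3 type=A name=killswitch-placeholder.example. rcode=SERVFAIL
garbage line without fields
2017-05-12T15:42:00Z client=10.0.9.8 type=A name=not-killswitch-placeholder.example. rcode=NOERROR
"""

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_line(line):
    """Return (timestamp, fields) or None for a malformed line."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"client", "name", "rcode"} <= fields.keys():
        return None
    return parts[0], fields

def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the domain to a triage summary."""
    target = normalize(domain)
    hosts = defaultdict(lambda: {"lookups": 0, "first_seen": None, "resolved": False})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not carry the expected fields
        ts, f = parsed
        if normalize(f["name"]) != target:  # exact match only, no look-alikes
            continue
        h = hosts[f["client"]]
        h["lookups"] += 1
        h["first_seen"] = min(ts, h["first_seen"] or ts)
        h["resolved"] = h["resolved"] or f["rcode"].upper() == "NOERROR"
    return dict(hosts)

def triage_order(hosts):
    """Unanswered hosts first: the malware only stops when the domain appears live."""
    return sorted(hosts, key=lambda c: (hosts[c]["resolved"], hosts[c]["first_seen"]))
```

Every host returned still needs investigation, since the kill switch does not help a computer that has already been affected; the ordering only puts hosts whose lookups never succeeded at the top.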