NSA Told Microsoft of Flaw Before Ransomware Attack


After striking West Bengal Electricity utility, WannaCry ransomware has also struck Kerala's Wayanad Panchayat office. Malware of this sort extorts money from victims by locking away files and personal data.

The locking or kidnapping process generally relies on frighteningly complex cryptography.

Once your files are encrypted, your options are limited. Multiple news reports have stated the attackers used tainted e-mails to trick employees into installing the malware on their computers.

No. The first recorded instance of a ransomware attack occurred back in 1989.

Ransomware is now at epidemic proportions. Let's hope that now, after the severe consequences of the attack, employers will put the necessary effort into advancing employees' knowledge about cyber security.

Nicolas Godier, a researcher at cybersecurity firm Proofpoint, claims that his team discovered the new attack called Adylkuzz, which is related to last week's WannaCry "ransomware worm".

Ransomware actually locks down files on an infected computer and asks the computer's administrator to pay in bitcoins in order to regain control of them. This exploit is not a fire drill and WannaCry is just the exploit's payload.

Meanwhile, China's central bank, the People's Bank of China, told Reuters that it has thus far not found any cases among its institutions, although it will continue to monitor the situation, adding that it "attached great importance to the work of creating a secure financial network and strengthening internet security and governance".


"It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different objective", said Godier.

Those hit by WannaCry also failed to heed warnings last year from Microsoft to disable a file sharing feature in Windows known as SMB, which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs. The hack used a technique purportedly stolen from the U.S. National Security Agency to target Microsoft's market-leading Windows operating system. It patched all operating systems bar Windows XP. However, on Friday, to inoculate users against the spread of WannaCry, Microsoft took the unusual step of issuing downloadable patches for customers running these older platforms - namely Windows XP, Windows 8 and Windows Server 2003. Microsoft has been very critical of the NSA stockpiling of exploits.

It appears that the malware doesn't attack Windows 10 machines, and it may also be sparing Windows XP machines.

Whereas ransomware traditionally leverages email to propagate to unique users, WannaCry also takes advantage of a Windows flaw to replicate across the network to other vulnerable machines, thereby leading to entire organizations being crippled in an amazingly short timeframe. If the ransom is not paid within the allotted time, the ransomware will simply "throw away the key" that allows you to get your data back.

Should I pay the ransom? Paying encourages criminals to launch further attacks.

It gets worse too. This leak paved the way for EternalBlue, which is the vulnerability WannaCry exploits. Checking whether the sender's e-mail address is legitimate and looking for grammatical mistakes in the body of the mail can help you tell whether a message is malicious. All you need to know is a wallet's identifying number and WannaCry is hard-linked to a few wallets.

"Bitcoin is anonymous as long as you don't use it or spend it", said Heilman, who is working with BU professor Sharon Goldberg to develop a truly anonymous version of bitcoin.
