Why WannaCry ransomware took down so many businesses

The WannaCry ransomware worm has created havoc across the globe, hitting about 150 countries and over 57,000 computers. However, the evidence is not conclusive.

Researchers from a variety of security firms say they have so far failed to find a way to decrypt files locked up by WannaCry and say chances are low anyone will succeed.

The methods used by the NSA to gather and discreetly access individuals' data have come under the microscope following the initial Edward Snowden leaks in 2013. "In case the client is using pirated or old software which is making them victim to cyber crime, no money will be paid", said a senior executive of a private insurance company who also said there is a spike in queries of cyber insurance.

The global WannaCry ransomware attack should be a wake-up call for all companies about the threat ransomware poses. American officials said Monday that they had seen the same similarities.

With proactive security measures in place, threats like the recent ransomware attacks will not leave owners and managers scrambling to recover vital business data held hostage.

Read the full New York Times report here. "This malware is different as it is trying to exploit legacy systems. However, the reused code appears to have been removed from later versions of WannaCry, which according to Kaspersky gives less weight to the false flag theory".

There was no evidence on Monday of a second wave of attacks like the one that hit Friday, the BBC reports. WannaCry was stopped in its tracks (at least temporarily) by a 22-year-old researcher in the United Kingdom who goes by the moniker MalwareTech.

How did all of this get started? Fearing that the window for using the stolen malware was closing, on April 14, the Shadow Brokers simply dumped a list of dozens of the NSA files on github.com, a site for programmers. WannaCry leveraged an exploit - a tool created to take advantage of a security hole - leaked in a batch of hacking tools believed to belong to the NSA. About the time the leak hunt began, the Federal Bureau of Investigation arrested Martin, a veteran intelligence contractor who had worked at the NSA, including in its Tailored Access Operations unit.

"We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world", wrote Smith in a blog post on Sunday. This is an emerging pattern in 2017. "An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen". "The attack is not focused on any particular industry but is widely spread, especially across those organisations, which are online and connected", Quick Heal Technologies' managing director Sanjay Katkar said.

Smith says cyberweapons require a new approach, and governments must "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits".

Smith called in February for a worldwide convention on the use of cyberwarfare, similar to the Geneva Convention rules governing war and the protection of noncombatants.

According to the company, "Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March". [The criminals who create malware nearly always look for a coding crack in widely used operating systems and apps, so they can exponentially maximize the number of infected computers.] Here's where it gets really hairy: the Windows vulnerability appears to have been stolen from a menu of major coding flaws kept in the highly encrypted servers of the National Security Agency's special cyber warfare unit.
