WannaCry is by far the most severe malware attack in 2017, and the spread of this troubling ransomware is far reaching. This malware attack began spreading across the globe late last week, and security researchers estimated that nearly 57,000 computers in more than 150 countries were infected by the virus by Friday. While the spread of this ransomware was slowed on Saturday, by Monday more than 200,000 systems around the world are believed to have been infected by the virus. Some of the world’s largest institutions and government agencies have been affected by the virus so far including the Russian interior ministry, FedEx in the US and Britain’s National Health Service. The other major organisations effected by the virus include automaker Renault and its arm Dacia, the Nissan plant in northeast England, German rail operator Deutsche Bahn, Spain’s telecom giant Telefonica, Portugal Telecom and Telefonica Argentina.
“WannaCry” is a type of trojan virus called “Ransomware”. As the name “Randsomware” suggests, the virus in effect holds the infected computer hostage and demands that the victim pay a ransom in order to recoup access to the files on his or her computer. This virus usually locks computers, encrypts the data on it and prevents software from running.Then, the software demands that a ransom be paid in order to have the files decrypted. In the case of WannaCry, the software demands that the victim pays a ransom of $300 in bitcoins at the time of infection. If the victim doesn’t pay the ransom within three days, the amount doubles to $600. Even after seven days if the victim does not pay the ransom, the virus will delete all the encrypted files and all the data will be lost.
The virus is spread hidden within word documents, PDFs and any other attachments send via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.
On Sunday night, Microsoft criticised the US spy agency that had originally developed software called the “Eternal Blue” that allowed the ransomware attack to infect computers. The “Eternal Blue” tool developed by the National Security Agency was made available to public last month when a group of hackers called Shadow Brokers released the details of the exploit to the public.
This cyber attack was specifically targeted at Microsoft and Windows devices. Microsoft claims that it had released a security update which speaks about the vulnerability that these attacks are exploiting in March itself, and also advised the users to update their systems in order to secure the systems against this threat.
The WannaCry Ransomware has a link to suspected North Korean Hackers – Security experts around the world are now cautiously linking the Lazurus Group to this WannaCry attack after a discovery by Google security researcher Neel Mehta. Neel Mehta found similarities between code found within WannaCry and other tools believed to have been created by the Lazarus Group in the past.The previously reported devastating hack on Sony Pictures in 2014, and on a Bangladeshi bank in 2016, has both been attributed to the highly sophisticated Lazarus Group.It is widely believed that the Lazarus Group works on behalf of the North Koreans.
On Monday researchers at the security firm Kaspersky followed up on Mehta’s research and analysed the similarities in the two code samples. Kaspersky stated that Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry but also noted that a lot more information is needed about earlier versions of WannaCry before any firm conclusion can be reached.The security firm also stated that in the case of WannaCry, it is possible that hackers simply copied code from earlier attacks by the Lazarus Group thus this evidence wouldn’t stand up in court against Lazarus Group as it is, but it’s worth looking deeper as North Korea has been identified as a possibility.
In India, where most official computers run Windows, regular updates might not be a habit to most people, and hence the vulnerability could be very high. A lot of personal data online are now connected to the Aadhaar data of over a billion Indians. The country’s cyber security agencies Computer Emergency Response Team of India (CERT-In) has issued a critical alert in relation to the WannaCry attack and have warned the users not to pay the ransom asked by the software.