recorderjournal.com


'WannaCry' ransomware attack: What we know

Worldwide cyberattack could spark more trouble Monday

The speed and reach of Friday's WannaCry ransomware attack may have come as a shock to the businesses affected, and to public institutions like the NHS, but that outbreaks of this scale can happen should surprise nobody.

Europol also said that many organisations had failed to keep their systems up to date, allowing the malware to spread.

Experts think it unlikely to have been the work of one person; criminally minded cyber-crime syndicates nowadays operate underground and use ever more sophisticated encryption to hide their activities.

The cross-border police agency Europol said the situation was now stable, defusing concerns that attacks that struck computers in British hospital wards, European vehicle factories and Russian banks would spread further at the start of the working week.

"WannaCrypt", the ransomware used in Friday's massive cyber-attack, can spread itself within corporate networks without any user interaction by exploiting a known vulnerability in the SMB file-sharing service of Microsoft Windows, according to reports.

The malware contacts a hard-coded web domain before it runs its infection routine and stops if it gets a response from a server at that domain. Registering that domain therefore had the effect of stopping new infections. That temporary fix slowed the spread, but new versions of the malware have since been unleashed, and whoever is behind the attack could update the ransomware and remove the kill switch entirely.

Unfortunately, computers already infected will not be helped by this workaround.

Then there is Microsoft, whose ubiquitous Windows operating systems were compromised after attackers exploited a security hole. The worm exploits a flaw in the SMB service of Windows that was first identified by US intelligence; Microsoft had released a fix for it in March (security bulletin MS17-010), but any machine that had not applied that update remained exposed.

Microsoft's top lawyer is laying some of the blame at the feet of the US government, which he said clearly had its priorities wrong in not focusing on better protecting these cyberweapons.

Security experts also noted that pirated software is widely used in China and other parts of Asia, so many computers there aren't patched as often as they should be.

Security firm BinaryEdge, which specializes in internet-wide scans, has detected more than 1 million Windows systems that have the SMB service (TCP port 445) exposed to the internet. The extortion scheme created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear.

WannaCry's success showed that a large number of organizations are falling behind on patches and that many have legacy systems running old versions of Windows.
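The exposure BinaryEdge measured, and the legacy-Windows problem described above, come down to one question a defender can answer for their own address space: does a host on port 445 still speak SMBv1? The following is an added example written for this article, not BinaryEdge's tooling or anything from Microsoft. It sends a minimal SMB1 NEGOTIATE request offering only the "NT LM 0.12" dialect and classifies the reply: an SMB1 header that accepts the dialect means SMBv1 is still enabled; a reply with an SMB2 header, a dropped connection or a reset means it is not. The sample replies used for testing are constructed, not captured packets, and the script is meant only for hosts you are authorised to probe.

```python
"""Probe hosts for an SMBv1-speaking service on TCP 445 (added example)."""
import socket
import struct
import sys

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
HEADER_FMT = "<4sBIBHH8sHHHHH"   # 32-byte SMB1 header, little-endian fields


def _nbss(payload: bytes) -> bytes:
    """Wrap an SMB message in a NetBIOS session-service frame (type 0, 3-byte length)."""
    return b"\x00" + len(payload).to_bytes(3, "big") + payload


def build_smb1_negotiate(dialects=(b"NT LM 0.12",)) -> bytes:
    """Build an SMB_COM_NEGOTIATE request listing the given dialect strings."""
    header = struct.pack(
        HEADER_FMT,
        SMB1_MAGIC, SMB_COM_NEGOTIATE,
        0,              # NT status
        0x18,           # flags: canonical pathnames, case-insensitive
        0xC801,         # flags2: unicode | NT status | extended security | long names
        0, b"\x00" * 8, 0,
        0,              # TID
        0xFEFF,         # PID low
        0, 0,           # UID, MID
    )
    # Each dialect is BufferFormat 0x02 followed by a NUL-terminated name.
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    # WordCount 0 for NEGOTIATE, then ByteCount and the dialect list.
    return _nbss(header + struct.pack("<BH", 0, len(data)) + data)


def classify_negotiate_reply(raw: bytes) -> str:
    """Classify a raw reply frame as 'smb1', 'smb2', 'refused' or 'unknown'."""
    body = raw[4:]                      # strip the NetBIOS frame header
    if len(body) < 33:
        return "unknown"
    if body[:4] == SMB2_MAGIC:
        return "smb2"                   # server answers SMB2 only: SMBv1 not offered
    if body[:4] != SMB1_MAGIC or body[4] != SMB_COM_NEGOTIATE:
        return "unknown"
    word_count = body[32]
    if word_count == 0 or len(body) < 35:
        return "unknown"
    (dialect_index,) = struct.unpack_from("<H", body, 33)
    if dialect_index == 0xFFFF:
        return "refused"                # SMB1 spoken, but none of our dialects accepted
    return "smb1"                       # dialect accepted: SMBv1 is live on this host


def make_sample_reply(dialect_index: int, word_count: int = 17) -> bytes:
    """Constructed SMB1 NEGOTIATE reply for offline testing (not a captured packet)."""
    header = struct.pack(HEADER_FMT, SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0x98, 0xC801,
                         0, b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)
    words = struct.pack("<H", dialect_index) + b"\x00" * (2 * word_count - 2)
    return _nbss(header + struct.pack("<B", word_count) + words + struct.pack("<H", 0))


def probe_smb1(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Connect to host:port, send the NEGOTIATE and classify what comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            raw = sock.recv(4096)
    except OSError:
        return "unreachable"            # closed/filtered port, or reset on our SMB1 request
    if not raw:
        return "closed"                 # connection dropped without a reply: SMBv1 disabled
    return classify_negotiate_reply(raw)


if __name__ == "__main__":
    # Usage: python smb1_probe.py 10.0.0.5 10.0.0.6 ...  (only hosts you are authorised to test)
    for target in sys.argv[1:]:
        print(f"{target}: {probe_smb1(target)}")
```

A result of "smb1" on an internet-facing address is the condition the article's scan counted; the remediation is the March update and disabling SMBv1 where nothing still needs it, not a firewall rule alone, because the worm also spreads over port 445 inside the network.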

Banking systems across the region were largely unaffected. The company said the virus has been localized and "technical work is underway to destroy it and update the antivirus protection". Patients were asked not to go to hospitals unless it was an emergency and even some key services like chemotherapy were canceled.

"Right now, just about every IT department has been working all weekend rolling this out", said Dan Wire, spokesman at Fireeye Security.

"Once it gets in and starts moving across the infrastructure, there is no way to stop it", said Adam Meyers, a researcher with cyber security firm CrowdStrike.

As things stand, there is no indication of a second surge of cases here in the UK. Once inside an organisation's network, the malware behind the attack spread rapidly using this vulnerability. For machines that have already been encrypted, Abrams recommends trying to recover files from the Volume Shadow Copies that some versions of Windows keep automatically, though WannaCry attempts to delete those copies, so this only helps where that step failed.

"The EternalBlue exploit is part of a bigger leak called 'Lost In Translation' that packs multiple vulnerabilities ranging from simple annoyances to extremely severe ones", Bogdan Botezatu, senior e-threat analyst at Bitdefender, said by email.

The attack is unique, according to Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected. "I didn't open any link", she said.
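The worm behaviour Europol describes, one infected machine scanning the whole internal network, leaves a distinctive trace in firewall or flow logs: a single source reaching many distinct destinations on port 445 within seconds, which no normal file-sharing client does. The following detection is an added example written for this article, not a vendor rule or anything from Europol. The log format and every log line are constructed; the sample includes a worm-like host, a chatty but benign client that hits one file server repeatedly, and a backup job that touches many hosts slowly, and only the first is flagged.

```python
"""Flag hosts fanning out to many distinct peers on TCP 445 (added example)."""
import re
from collections import defaultdict, deque

# Constructed log format (not a real product's): "<epoch> <src> -> <dst>:<port> <action>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    rec["port"] = int(rec["port"])
    return rec


def find_smb_scanners(lines, window=60, threshold=20, port=445):
    """Return {src: (ts_first_flagged, distinct_targets)} for every source that
    reaches at least `threshold` distinct destinations on `port` within any
    `window` seconds. Lines must be in timestamp order, as a log is."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst) still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["port"] != port:
            continue
        q = recent[rec["src"]]
        q.append((rec["ts"], rec["dst"]))
        while q and q[0][0] < rec["ts"] - window:
            q.popleft()               # drop events older than the window
        distinct = len({dst for _, dst in q})
        if distinct >= threshold and rec["src"] not in flagged:
            flagged[rec["src"]] = (rec["ts"], distinct)
    return flagged


def build_sample_log():
    """Constructed sample: one worm-like host, one chatty client, one slow backup job."""
    t0 = 1494608400
    events = []
    # Worm-like: 40 distinct internal hosts on 445, one new target per second.
    events += [(t0 + i, "10.0.5.17", f"10.0.5.{100 + i}", 445) for i in range(40)]
    # Chatty but benign: many connections to the same file server.
    events += [(t0 + i, "10.0.5.50", "10.0.5.200", 445) for i in range(40)]
    # Backup job: 25 distinct hosts, but 90 s apart, so never 20 inside one window.
    events += [(t0 + 90 * i, "10.0.5.60", f"10.0.6.{i + 1}", 445) for i in range(25)]
    # Outbound web traffic from the worm host on another port is ignored.
    events += [(t0 + i, "10.0.5.17", f"203.0.113.{i + 1}", 443) for i in range(30)]
    events.sort()
    return [f"{ts} {src} -> {dst}:{port} allow" for ts, src, dst, port in events]


if __name__ == "__main__":
    for src, (ts, n) in find_smb_scanners(build_sample_log()).items():
        print(f"ALERT {src}: {n} distinct hosts on 445 by t={ts}")
```

The threshold and window are tuning knobs: vulnerability scanners and some management tools legitimately fan out on 445, so the practical deployment allow-lists those sources rather than lowering the threshold until the alert is noisy.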

It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money.
