'WannaCry' Ransomware Attack Stymies Global PCs

Remigio Civitarese
May 19, 2017

John Riggi, former FBI Section Chief for the Cyber Division Outreach Section and now head of services firm BDO's Cybersecurity and Financial Crimes Unit, believes that because the WannaCry ransomware started out in Europe and spread to the rest of the world, including Asia, the sequence of attacks in other countries worked to the advantage of US organizations.

The ransomware affected a number of countries including Russia, Ukraine, India, Spain, UK, USA, Brazil, China and several others in North and Latin America.

"You can point a lot of fingers, but I think given that this was not a zero-day vulnerability (for which no patch is available), the people hacked are to blame", said Robert Cattanach, a partner at the global law firm Dorsey & Whitney and an expert on cybersecurity and data breaches.

The researcher, identified only as "MalwareTech", found a "kill switch" within the ransomware as he studied its structure: an unregistered web address that the code checked before running. He immediately claimed the URL for himself, spending about $11 to register it, and that greatly slowed the pace of infections in Britain. Now the hackers have updated the ransomware so that it no longer includes a kill switch.

Since most researchers say that the code used to develop the WannaCry ransomware virus is the same as the code used in the 2014 Sony security breach, which was backed by North Korea, further investigations into the attack are being opened.

WanaCryptor 2.0 is only part of the problem.

"The Transmission Control Protocol port 445 of Windows systems, which is widely acknowledged to be unsafe, is closed on many computers." According to Wikipedia, once installed, WannaCry uses the EternalBlue exploit and the DoublePulsar backdoor, both developed by the U.S. National Security Agency (NSA), to spread through local networks and to remote hosts that have not yet received the most recent security updates, directly infecting any exposed systems. The virus has also affected computers running Windows Vista and Windows 7 whose owners had blocked security updates. Whatever its source, the exploit was published on the internet last month by a hacker group called ShadowBrokers.

Since increasing numbers of systems running older versions of Windows were affected, Microsoft chose to push an emergency patch for Windows XP and Windows Server 2003, urging users to deploy it as soon as possible to limit the impact of WannaCry.

Microsoft distributed a "fix" for the software vulnerability two months ago, but not all computer users and networks worldwide had yet made that update and thus were highly vulnerable.

Microsoft, however, immediately issued a "free" patch for old software, including Windows XP, at midnight on Friday when the ransomware attack began spreading.

Ransomware is just one of the ways that cybercriminals profit from weak computer security. Unfortunately, however, a new variant of the program is already in the wild.

The British government held an emergency meeting on Saturday of its crisis response committee, known as COBRA, to assess the damage. Linux, Mac and other Unix-based operating systems are not affected.

None of the firms targeted indicated whether they had paid or would pay the hackers ransom.
