A few years ago, ransomware was a type of malware that had been kicking around for a decade to little effect. It gets its name because it is malicious software that carries out the cryptoviral extortion attack described in cryptovirology: it blocks access to data until a ransom is paid, generally in the digital currency bitcoin.
The crippling WannaCry ransomware, which used an exploit developed by the US NSA, has struck organizations around the world. The WannaCry ransomware has locked up more than 200,000 computers in government offices, banks and hospitals across more than 150 countries. Most malicious worms rely on humans to spread by tricking them into clicking on an attachment concealing the attack code. In contrast, WannaCry will hunt down software vulnerabilities and infect your machine.
According to Kurt Baumgartner, a security researcher at Kaspersky Lab, the extortion demands start at $300 and increase after two hours to $400, $500 and then $600.
WannaCry Ransomware: This is not over
According to Britain’s National Cyber Security Centre, there could be more cases of “ransomware” attacks at a significant scale because some infected machines have not yet been detected and existing infections can spread within networks. Current data shows more than 1.3 million computer systems are still vulnerable to the malicious software.
On a similar note, Europol said the ransomware attack is at an unprecedented level. The cyber-extortion attack will “require a complex international investigation to identify the culprits.”
Security experts believe the attack is caused by a self-replicating piece of malware that enters machines when employees click on email attachments. The worm spreads quickly internally from one computer to another when employees share files.
It is believed to be the biggest attack of its kind ever recorded.
The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the US National Security Agency (NSA) for its own intelligence-gathering purposes and was later leaked to the internet.
WannaCry Ransomware Hits 150 Countries
The recent attack paralyzed Britain’s National Health Service (NHS), forcing its hospitals to close wards and emergency rooms and turn away patients. Japanese industrial group Hitachi said on Monday morning it was experiencing difficulties with its internal email system, after some employees reported delays in receiving and sending emails, and difficulty in opening attachments. FedEx said it was experiencing difficulties with some of its Windows-based systems caused by malware and is working to fix the problems as quickly as possible. Germany’s Deutsche Bahn rail operator reported on Saturday morning that passenger information displays in some stations were inoperative. Travellers took to Twitter to share pictures of affected departure boards showing the ransom demand instead of train times. The Russian Central Bank discovered malware bulk emails directed to banks but detected no compromise of resources. Qihoo 360, a major internet security company in China, issued a software patch at 3 a.m. on Sunday that can recover the data encrypted by the ransomware attack.
According to cyber security company Kaspersky Lab, amongst the hardest hit are Russia, Ukraine, Taiwan and India. Meanwhile, the list of organizations hit by the ransomware keeps getting longer and now includes Britain’s NHS, Deutsche Bahn, FedEx, Renault, China National Petroleum Corp., Telefónica, and Russia’s ministry of the interior.
Calls for Ransomware Crackdown
Microsoft rushed out an emergency patch for Windows XP, even after formally ending support for the OS three years ago. In a strongly worded blog post, Microsoft pinned blame on the US government for not disclosing more software vulnerabilities. It criticized governments for “stockpiling” information about cybersecurity vulnerabilities, noting that similar security holes were revealed on WikiLeaks in documents stolen from the CIA.
In the United States, the Trump administration called an emergency meeting with the homeland security advisor to discuss the ongoing threat of the ransomware. The NSA and the FBI are working to determine who conducted the attack.
The fact that the NSA can have top-secret information like this stolen from them is a problem.
On Saturday, a cyber security expert, tweeting as @MalwareTechBlog, said he had accidentally discovered a kill switch that can prevent further spread of the WannaCry ransomware.
My blog post is done! Now you can read the full story of yesterday’s events here: https://t.co/BLFORfM2ud
— MalwareTech (@MalwareTechBlog) May 13, 2017
He tweeted, “I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.” However, machines already affected will not be helped by the solution.
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
— MalwareTech (@MalwareTechBlog) May 13, 2017