
WannaCry is an example of encryption ransomware, a type of malicious software (malware) that cybercriminals use to extort money.

The ransomware attacks by encrypting valuable files so that you cannot access them.

Like other types of encryption ransomware, WannaCry hijacks your data with the promise of returning it if you pay a ransom.

WannaCry targets computers using Microsoft Windows. It encrypts the data and demands the payment of a ransom in bitcoin for its return.

WannaCry attack

The WannaCry ransomware attack was a global epidemic that took place in May 2017.

It spread through Microsoft Windows computers. Users’ files were held hostage and a ransom in bitcoin was demanded for their return.

If it weren’t for the continued use of outdated computer systems and poor training around the need to update software, the damage caused by this attack could have been avoided.

How did it spread?

The criminals responsible for the attack exploited a weakness in the Microsoft Windows operating system using an exploit allegedly developed by the US NSA.

Known as EternalBlue, this exploit was published by a group of hackers called The Shadow Brokers prior to the WannaCry attack.

Microsoft released a security patch that protected users’ systems against this exploit/vulnerability almost two months before the WannaCry ransomware attack began. Unfortunately, many individuals and organizations do not regularly update their operating systems, leaving them vulnerable to an attack.

Those who had not run a Microsoft Windows update were unable to benefit from the patch.

When the attack first occurred, people assumed that it had initially spread through a phishing campaign (one in which spam emails with infected links or attachments lure users into downloading malware).

However, EternalBlue was the exploit or vulnerability that allowed WannaCry to spread, and DoublePulsar was the “backdoor” installed on the infected computers (which was used to run WannaCry).

What was its goal?

The attackers demanded $300 worth of bitcoin and subsequently increased the ransom to $600. Victims were told that if they did not pay the ransom within three days, their files would be permanently deleted.

The best advice that can be given when it comes to ransom payments is not to give in.

Always avoid paying a ransom, as there is no guarantee that your files will be returned to you; each payment validates the cybercriminals’ business model, increasing the likelihood of future attacks.

When the victims paid their ransom, the attackers had no way to associate the payment with a specific victim’s computer.

Some researchers claimed that no one recovered their data, but a company called F-Secure claimed that some people did. This is a stark reminder of why paying the ransom is never a good idea if you experience a ransomware attack.

What was its impact?

The WannaCry ransomware attack affected approximately 230,000 computers worldwide.

One of the first companies affected was Telefónica, the Spanish telephone company. By May 12, thousands of UK National Health Service (NHS) hospitals and clinics were compromised.

A third of NHS hospital trusts were affected by the attack. Ambulances were rerouted, leaving scores of people in need of urgent care in the lurch. The attack was estimated to cost the NHS a staggering £92 million, as 19,000 appointments were canceled as a result of the attack.

The ransomware spread beyond Europe, bringing computer systems to a halt in 150 countries. The WannaCry ransomware attack had a significant financial impact around the world. It is estimated that this cybercrime caused losses of 4,000 million dollars worldwide.

How was it stopped?

A UK expert prevented the spread of the global cyber attack.

Marcus Hutchins was studying the malicious program when he realized that it tried to connect to an unregistered domain: if the connection failed, it encrypted the computer; if it succeeded, the program stopped.

Once this security expert registered the domain, at 17:08 UTC on May 12, the attack ceased. All the urgent measures that were taken after that time were practically unnecessary.
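
The kill-switch behaviour described above also gives defenders a way to find affected machines: any host that looked up the domain ran the malware. The following is an added example, not code from the original article. The log format, the IP addresses and the domain name are constructed placeholders (the article does not give the real domain), and a successful DNS answer is used as a stand-in for a successful connection.

```python
import re

# Placeholder: the real kill-switch domain is not given in this article.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed DNS resolver log in an assumed format:
# <timestamp> <client_ip> <queried_name> <response_code>
SAMPLE_LOG = """\
2017-05-12T15:02:11Z 10.0.4.17 www.example.org NOERROR
2017-05-12T15:03:40Z 10.0.4.17 killswitch-placeholder.example NXDOMAIN
2017-05-12T16:55:02Z 10.0.9.3 KILLSWITCH-PLACEHOLDER.EXAMPLE. NXDOMAIN
2017-05-12T17:20:31Z 10.0.7.88 killswitch-placeholder.example NOERROR
2017-05-12T17:21:05Z 10.0.7.88 updates.example.net NOERROR
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch domain to a verdict.

    Any lookup means the malware executed on that host. Following the
    behaviour described above, a failed lookup means the program went on
    to encrypt and a successful one means it stopped. If a host shows
    both outcomes, the worse one is kept.
    """
    domain = domain.lower().rstrip(".")
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, qname, rcode = m.groups()
        if qname.lower().rstrip(".") != domain:
            continue  # unrelated lookup
        if rcode != "NOERROR":
            verdicts[client] = "likely-encrypted"
        elif verdicts.get(client) != "likely-encrypted":
            verdicts[client] = "executed-but-halted"
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(host, verdict)
```

Hosts marked "executed-but-halted" still need cleanup and patching: the malware ran on them even though it did not encrypt.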