Watch What You Click: What is WannaCry?

By Jeslyn Tan, New York Times

Computer virus gives the world a shock

Barely two weeks ago, the world was taken by storm when a virus exploiting vulnerabilities in Windows infected more than 300,000 computers with ransomware, encrypting users’ files and holding them for a ransom of $300 to $600 within one week of infection. Built using vulnerabilities in the Windows operating system first identified by the United States National Security Agency (NSA) and stolen by hackers, the virus has targeted computers in over two dozen nations, according to experts from three security firms.

The weakness in the Windows operating system was initially discovered by the NSA, but instead of informing Microsoft, the agency proceeded to build the EternalBlue tool for its own offensive work. This tool was stolen by a hacker group named The Shadow Brokers and used for the creation of WannaCry, resulting in a virus targeting vulnerabilities that Microsoft could only eradicate with additional security updates after the release of EternalBlue.

Microsoft had initially released security updates for its operating systems in March 2017, issuing a “critical patch” to remove the underlying vulnerability for supported systems nearly two months before the attack. Despite this, multiple organizations had yet to apply this patch to their systems, leaving them exposed to the outbreak of WannaCry in May 2017 and adding them to the number of infected computers.

The severity of WannaCry was further compounded when it became clear that it was not merely a virus, but also a worm. It had the ability to propagate rapidly without any action from the user, leading to the immense proliferation of the virus before a fix was unexpectedly found by a web security researcher.

The discovery of a “kill-switch” located in the code of the ransomware greatly slowed the speed of the infection, and within four days of the initial outbreak, security experts reported a sharp increase in the number of organisations that had applied the security updates offered by Microsoft, further slowing the infection rate to a trickle.

Now, over half of all internet addresses corrupted globally come from China and Russia, while the United States accounts for only 7% of WannaCry infections, according to data supplied by threat intelligence firm Kryptos Logic. In some circumstances, researchers are finding more effective ways to recover data from infected machines, and security experts have taken the publicity surrounding this attack as a chance to reiterate the importance of having secure backups and the latest security patches. 

As Arne Schönbohm, President of Germany’s Federal Office for Information Security (BSI), said, “the current attacks show how vulnerable our digital society is. It’s a wake-up call for companies to finally take IT security [seriously]”.
