Tuesday, December 6, 2022

5 YEARS TO “WANNACRY”

Author

Date

Category

Birth of the WannaCry Ransomware

It all started on May 12th, when a large number of computers around the world were hit with a ransomware attack known as Wannacry. Many organizations and individuals paid the ransom, but there are still some who have not. The question is “Is Wannacry still active”?

The virus has so far infected almost 200,000 computers worldwide and hackers have earned a paltry $50,000 based on Bitcoin payments. The virus was intense, leading hospital officials to only require those with severe or life-threatening conditions to seek care at facilities affected by the attack. This comes after intelligence officials and computer executives have disagreed on responsibility for this act.

Note: WannaCry is a ransomware that utilizes the NSA tool, DoublePulsar, to infect other computers. In other words, a new type of NSA weapon utilizing a flaw in Microsoft software was lost and ended up in the hands of malicious hackers.

Microsoft president Brad Smith says it’s a problem that governments are stockpiling security risks such as viruses, leading to dangerous consequences.

Patrick Toomey, a staff attorney at the ACLU (American Civil Liberties Union), said in a statement that these attacks underscore the fact that vulnerabilities will not only be exploited by security agencies but hackers too, who can exploit these holes to get into our data.

EternalBlue

Microsoft issued a patch for the EternalBlue vulnerability two months before it was stolen, but this did not stop the ransomware from spreading from Europe to Asia. Experts all agree that the NSA likely tipped Microsoft off to the flaw once they realized it had been leaked. The cause of the attack is partly due to computer users and IT managers who have not upgraded their systems.

When a computer is infected with WannaCry, it will display a pop-up message demanding $300 in Bitcoin from the user within 3 days. If the ransom is not paid within 7 days, the amount increases to $600, and after 10 days the hackers threaten to delete files on your computer permanently. The ransomware then spreads itself using the EternalBlue vulnerability in Microsoft Windows and attacks other computers on its network by spreading via Server Message Block (SMB). According to a report, the developers had released a new version of WannaCry, which included the ability to target computers that have been patched for security flaws.

Country’s Interest in Pirate

China’s love of pirating software led to that country’s quick spread of WannaCry. Pirated versions typically don’t receive updates, so the vulnerability wasn’t fixed until quickly in China.

Complex software interacts in unpredictable ways with its parts, which makes IT managers hesitate to push updates without extensive testing. Ordinary computer users are too lazy to install these updates more often than they already do. Even with more secure software to make data breaches less likely, vulnerabilities won’t be eliminated. 15-50 errors will exist for every 1,000 lines of code written.

Is NSA at Fault?

In response to computer insecurity, Microsoft executives are asking for security agencies to publish vulnerabilities. The NSA is hesitant to do this because it could make large software companies less competitive and decrease the value of their stock.

If it weren’t for the continued use of outdated computer systems and poor education to update software, this attack would not have been so damaging.

Is WannaCry ransomware currently active?

It’s been over two years since the WannaCry ransomware attack took place, and though the malware is no longer active, there are still plenty of variants out there. So, is WannaCry still a threat?

Unfortunately, the answer is yes. WannaCry may be inactive, but there are plenty of other ransomware strains that remain a very real threat. Just last year, ransomware attacks increased by 250%.

While the WannaCry ransomware is no longer active, there have been several other similar attacks since then, such as Petya and NotPetya. Infects computers running Windows XP and later versions of that system. It does this by exploiting a security flaw in older versions of Microsoft Windows operating systems, as well as some network-enabled devices such as web cameras. Finally, consider investing in antivirus software with ransomware protection to give you an extra layer of defense.

WannaCry Conclusion

The WannaCry ransomware is a serious threat to businesses and individuals alike.

WannaCry exploits a vulnerability in older versions of the Windows operating system, so by keeping your software up to date you can close this potential attack vector. Secondly, consider using a backup solution to protect your important data.

Finally, be sure to install and maintain antivirus software on your computer. While no antivirus is 100% effective, it can help to detect and block many malware threats, including WannaCry. The attackers behind Wannacry may have simply gone quiet and are waiting for people to forget about the attack before striking again.

Previous article
Next article

RECENT HERE