As most of you might know by now, WannaCry is the single biggest cyber threat to hit 2017. People all over the globe have been glued to their screens for any news of the looming threat, holding their breath and clenching their covers, hoping that their data is safe. So what is WannaCry? How do I stay safe?
Buckle up ninjas, we are about to take a ride!
WTF is this thing?
First off, let’s put it in plain ol’ English. It is malware (a “virus”, if you like) that essentially takes your data hostage and demands a fee for its release. In this case the attackers ask a humble $300 within the first three days, after which the fee doubles to $600. After day 7? Well, it just wipes all the files it held in its grubby little clutches. This type of software is more commonly referred to as ransomware.
…Cotton eye Joe
So where did it come from and where did it go? How does a thing like this just pop up out of nowhere and take the globe by storm? It would seem that the hole this ransomware abuses isn’t a new thing by a long shot, just a hidden thing, believed to be part of the NSA’s stockpile of exploits. I’ll give you a moment to go grab your tinfoil hats for the next bit. The NSA is believed to store information on vulnerabilities, which they presumably use to spy on or attack people of interest. The problem being that, in this case, a hacker group named The Shadow Brokers got their hands on one of these exploits, code-named EternalBlue.
Using the EternalBlue exploit as a base, they coded the WannaCry malware and released it. The effects thereof? Well, 150 countries and an estimated 250,000 infected systems, and counting.
How it works.
The ransomware exploits a vulnerability in the Server Message Block (SMB) protocol, specifically version 1, the one Microsoft patched as MS17-010. Once it has infected a target system, either by “organic” reach or by a spear-phishing attack, it checks for the kill-switch domain. If the domain isn’t found, it goes on its merry way encrypting all of your files and giving you the “Oops, your files have been encrypted” message. After it has done its job on a single computer, it then uses the same SMB vulnerability to spread itself to other machines, over the internet or laterally inside the network the current system is on.
So basically it gets in, encrypts your files and spreads like some sweet Nutella on a warm piece of toast.
Is someone stopping it?
Of course they are stopping it. Well, slowing it down and making it lose momentum rapidly. Microsoft released a patch about 2 months ago that fixes the vulnerability and plugs the SMB hole. In an unprecedented move, Microsoft also released updates for their older operating systems that are no longer supported, in an attempt to help fight off the threat.
Security researchers across the globe have put time and effort into finding ways to stop, and possibly remove, the malware from infected systems. One security researcher, Marcus Hutchins, discovered the hidden domain name within the code and decided to register the domain in his name in an effort to track the spread of the malware. Little did he know that he would become a cyber hero: registering the domain brought the spread to a near standstill. Feel free to read his account of the events in his blog post How to Accidentally Stop a Global Cyber Attack(s).
With people like Marcus on the case I’m pretty confident that there will be a swift-ish resolution to the attacks.
Meeeedddiiiiic! How to stay safe.
The best way to stay safe is to disable SMB version 1 completely. You can find it in your Control Panel under Programs and Features: click “Turn Windows features on or off” and untick the SMB 1.0 checkbox. If you don’t see it in your list and you are still concerned, there is no need to worry, because you can find guides on how to do it manually here.
You should also make sure that you have all the latest operating system updates installed, especially those labelled as critical updates. Above all else, use your head. Don’t open strange emails from sources you don’t know, or emails from people you weren’t expecting anything from.
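For the admins among you, here is the same mitigation as a script. This is an added example, not something from the original post or from Microsoft: it checks whether SMBv1 is on, looks for legacy clients that would break when it is turned off, then disables it. It assumes an elevated PowerShell on Windows 8 / Server 2012 or later for the Smb* cmdlets, with the registry value as the fallback route on Windows 7 / Server 2008 R2.

```powershell
# Added example (not from the original post): audit and then disable SMBv1 on a
# Windows host. Run from an elevated PowerShell prompt.

$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

if ($hasSmbCmdlets) {
    # 1. Is SMBv1 currently enabled on the server side?
    $cfg = Get-SmbServerConfiguration
    "SMB1 server protocol enabled: $($cfg.EnableSMB1Protocol)"

    # 2. Before turning it off, look for anything still talking SMB1 to this host.
    #    Old printers, NAS boxes and medical devices often do, and they stop
    #    working once SMB1 is gone, so inventory them first. SMB1 sessions report
    #    a 1.x dialect; SMB2/3 sessions report 2.x or 3.x.
    $legacy = Get-SmbSession -ErrorAction SilentlyContinue |
              Where-Object { "$($_.Dialect)" -like '1.*' }
    if ($legacy) {
        "Active SMB1 sessions (fix these clients before you continue):"
        $legacy | Format-Table ClientComputerName, ClientUserName, Dialect -AutoSize
    }

    # Optional (Windows 10 / Server 2016+): log every SMB1 access to the
    # Microsoft-Windows-SMBServer/Audit log (event ID 3000) to catch stragglers.
    if ($cfg.PSObject.Properties.Name -contains 'AuditSmb1Access') {
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    }

    # 3. Disable SMBv1 server support. This is the change the post recommends.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # 4. On client SKUs (8.1/10) also remove the optional feature, which covers
    #    the SMB1 client side; a reboot is needed before it is fully gone.
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }

    "SMB1 server protocol enabled now: $((Get-SmbServerConfiguration).EnableSMB1Protocol)"
}
else {
    # 5. Windows 7 / Server 2008 R2 have no Smb* cmdlets. There the equivalent is
    #    the LanmanServer SMB1 registry value (0 = disabled), followed by a reboot.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $key -Name SMB1 -Type DWORD -Value 0 -Force
    "SMB1 registry value set to 0; reboot to apply."
}
```

Disabling SMBv1 is a mitigation for the spreading, not a substitute for installing the MS17-010 update itself, so do both.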
WannaCry hit hard and fast. Many big organizations that were vulnerable took a hit, and even hospitals and healthcare systems have had to deal with the threat, so it is a very real nightmare online. An estimated 70,000 pieces of healthcare equipment were affected by the attack, ranging from computers to theater equipment, and ambulances had to be diverted in England and Scotland. This is a very dangerous piece of malware to pick up.
If you want to know more, let me know and I will divulge all I can; there are also plenty of sources at this stage that can give you more on the subject. I hope that you have enjoyed this article and, as always, have fun and, in this case, stay safe out there.