
Saturday 19 January 2019

WannaCry Ransomware

WannaCry Ransomware was a cyber attack outbreak that started on May 12, targeting machines running the Microsoft Windows operating system. It affected companies and individuals in more than 150 countries, including government agencies and multiple large organizations globally. Among the organizations affected were the National Health Services (NHS) in England and Renault-Nissan, which halted production in some areas as a result. On affected systems, all data was encrypted and a message from the attacker demanded payment of a ransom in bitcoins within 3 days, after which the cost would increase. Anyone who refused to pay would eventually lose access to their files and the information stored in them.

 
While experts initially thought the sudden spread was driven by a mass email spam campaign, the reality was quite different. A Threat Intelligence Team discovered how the WannaCry Ransomware spread and wrote a detailed piece on the malware. The NSA had discovered a vulnerability called EternalBlue in Windows systems but didn’t disclose it. After the massive attack, they were heavily condemned for it. However, Microsoft discovered this vulnerability in March and promptly issued a patch to fix it. Most Windows users either didn’t take the update seriously or got lazy about installing the necessary patch. As a result, the WannaCry Ransomware attack was able to exploit the SMB (Server Message Block) protocol on Windows machines that remained vulnerable.

The WannaCry ransomware infected millions of Windows systems in around 150 countries. The most affected countries were Russia, Ukraine, Taiwan and India. The worm also infiltrated many NHS systems across England, halting their services as well. The Wikipedia entry for this attack contains more details on the affected organizations. Once a system was compromised by WannaCry and the data was encrypted, victims were asked to pay a fee of $300 in bitcoins in less than 3 days. After 3 days, the amount doubled to $600. If the ransom was not paid within seven days, the attacker threatened to delete the files altogether.

