Ransomware and the ‘WannaCry’ Global Attack


A global ransomware cyber-attack has affected more than 200,000 organizations in 150 countries. The cyber criminals who launched the attack have called it ‘WannaCry’, and it appears to have used a flaw in Microsoft’s software, discovered by the National Security Agency and leaked by hackers, to spread rapidly across networks, locking away files. The attack has affected agencies, organizations and individuals alike. The hacking group that leaked the flaw has threatened to publish more stolen computer bugs like the one subsequently used in the WannaCry attack. This group is not directly behind the attack itself, though: it released the Microsoft flaw onto the market for other hackers to pick up and exploit.

Ransomware is a type of malicious software that blocks access to data, or threatens to publish it, until a ransom is paid. The effects of the simpler versions are easy to reverse, but the more advanced ones use a technique called cryptoviral extortion, in which the malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

A ransomware attack may also encrypt the computer’s Master File Table (MFT) or the entire hard drive. Ransomware is therefore a denial-of-access attack: it prevents computer users from reaching their data files, since decrypting the files without the decryption key is intractable. Ransomware attacks are typically carried out using a Trojan whose payload is disguised as a legitimate file.

Once user data files are locked and encrypted, they cannot be accessed. The hackers take control of the affected device, whether computer or phone, and ask for a ransom in return for control of the user’s data files. Although victims are advised not to give in to ransom demands, as paying encourages the attackers, ransomware attacks are on the rise because they are a quick way to make money, and most victims give in to such threats for the sake of recovering their stolen data and information.

Even if victims do pay, there is no guarantee that all files will be returned to them. In the wake of ransomware attacks, which are a rising trend among hackers, users should keep a backup of all their files on a completely separate system with no access to the internet. In the case of an attack, files can then be restored from the backup without having to give in to the extortionists. There are also tools available that can decrypt and recover some lost information.

The payment demanded is in the form of bitcoin, an online cryptocurrency. The digital currency is popular among cybercriminals because it is decentralized, unregulated and practically impossible to trace.

Bitcoin is a digital payment system invented by an unknown programmer, or a group of programmers, under the name Satoshi Nakamoto. It was released as open-source software in 2009. The system is peer-to-peer, and transactions take place between users directly, without an intermediary. These transactions are verified by network nodes and recorded in a public distributed ledger called the blockchain. Since the system works without a central repository or single administrator, bitcoin is called the first decentralized digital currency.

Bitcoins are produced by mining and can be exchanged for other currencies, products and services in both open and clandestine markets. As of February 2015, over 100,000 merchants and vendors accepted bitcoin as payment. According to research produced by Cambridge University in 2017, there are 2.9 to 5.8 million unique users actively using a cryptocurrency wallet, most of them using bitcoin.

But how do the hackers gain access to devices? The answer is simple: through the internet. Cyber criminals can gain access to computers, phones or connected devices simply by delivering malicious software to that system. Once installed, the software gives the hackers access; they can then control the system and block user access to all files and data. Every file found on the system can be controlled and blocked. This tends to be a gradual process, with files being encrypted one after another.

The malicious software is installed on a system when the user unknowingly clicks on a link sent in an email, visits a compromised website or opens a message on a social media platform such as WhatsApp. It can also come embedded in apps available for download in app stores. The links can appear to come from known users or trusted sites but are actually malicious, planted by hackers to compromise your system. Downloading a bad program or app, or visiting a website that displays malicious adverts, can easily result in an infected device.

This threat applies equally to individuals and organizations, although organizations have sophisticated security systems in place to ward off such attacks and to spot an attack in progress before it can cause a lot of damage. Organizations also have ransomware decryption tools that can bypass the malicious software. Most individuals, on the other hand, do not have sufficient security measures and contingencies in place to keep their data out of reach of hackers and cyber criminals, and may end up losing access to all of their information.

The most recent ransomware attack, called Wanna Decryptor and also known as WannaCry or wcry, is a ransomware cryptoworm targeting computers running the Microsoft Windows operating system. It locks away all data on a computer system and leaves the user with only two files: instructions on what to do next and the Wanna Decryptor program itself.

On a compromised system, when the program is opened it tells the computer user that their files have been encrypted and gives them a few days to pay up, warning that the files will otherwise be deleted. It demands payment in Bitcoin, gives instructions on how to buy it, and provides a Bitcoin address to send it to.

WannaCry is a global ransomware outbreak of unprecedented proportions. It started on Friday, 12 May 2017 and many countries, organizations and individuals have been affected so far. Notable among these are the National Health Service in the UK, Telefonica in Spain, FedEx and Deutsche Bahn.

Despite all the contingencies and security measures in place, it can be very difficult to prevent determined hackers from launching a ransomware attack, but exercising caution helps. The best way to protect yourself is to be suspicious of unsolicited emails and to always type out web addresses yourself rather than clicking on links. Another key defense is antivirus software, which can scan files before they are downloaded, block hidden installations and look for malware that may already be on a computer.

For antivirus programs to provide optimum protection, they must always be kept up to date. Malicious programs keep changing and updating, and an outdated antivirus may not cover them, so it cannot protect against all attacks.

Although cybercriminals are constantly working on new ways to override such protection, antivirus is our first line of defense against these attacks. Keeping a data backup is the second best thing we can do to stay safe online. Keeping no data at all on devices that connect to the internet is another option, though many people find that very inconvenient. Cyber security companies possess sophisticated defenses against ransomware attacks, including machines that fight back when they spot hackers in a system.