Wednesday, 17 May 2017

WHAT YOU WANNA KNOW ABOUT WANNACRY



So Who Really Made Us Cry?


WannaCry or WannaCrypt has caught the attention of the world. Here are 10 salient things you need to know:

1. The WannaCry ransomware attack (also called WannaCrypt, WanaCrypt0r 2.0 and Wanna Decryptor) is an ongoing worldwide cyber-attack by the WannaCry ransomware computer worm. It targets and spreads by exploiting a vulnerability in the SMBv1 file-sharing service of the Microsoft Windows operating system.

2. Since the start of the attack on 12th May 2017, it is said to have affected more than 230,000 computers worldwide.

WannaCry Timeline Courtesy: Symantec


3. "EternalBlue" is an exploit for that SMBv1 vulnerability and "DoublePulsar" is a kernel-mode backdoor which the exploit installs. Both were tools developed by the U.S. National Security Agency (to spy on people) but were released online in April 2017 in the latest of a series of leaks by a group known as the Shadow Brokers, who claimed to have stolen the data from the Equation cyber-espionage group. Once installed, WannaCry uses these tools to spread over TCP port 445 to hosts on the local network and to random Internet addresses that have not been updated with the March patch, and infects them without any user action.


4. Microsoft had released a critical patch, MS17-010, on 14th March 2017 but many organizations had not installed it. People usually avoid updates to continue using their legacy software (Windows XP and Server 2003 had no patch at all until Microsoft issued an emergency one on 13th May), and possibly also because Microsoft updates are believed by some to contain spyware to gather data about people's usage habits. But now everyone is rushing to install the patch even if it means Microsoft can catch them naked.
 
WannaCry Notification: Courtesy www.symantec.com/security_response/writeup.jsp?docid=2017-05130-3522-99

5. After taking over a computer, WannaCry searches for and encrypts 176 different file types and appends .WCRY to the end of the file name (the worm variant that spread from 12th May writes .WNCRY). It asks users to pay a US$300 ransom in bitcoin. The ransom note says the amount will be doubled after three days and that, if payment is not made within seven days, the encrypted files will be deleted.
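The extension is the quickest indicator to sweep for when scoping how far an infection has spread. The PowerShell below is an added example, not code from the original post or from Symantec; the sweep roots are placeholder paths and 12th May 2017 is the outbreak date given above. Both .WCRY (the original February build) and .WNCRY (the May worm) are matched.

```powershell
# Added example (not from the original post): sweep local folders and file
# shares for WannaCry-encrypted files to scope an infection.
# Assumptions: the sweep roots are hypothetical placeholders; 12 May 2017 is
# the outbreak start date from the post. The original February variant appends
# .WCRY, the May 2017 worm appends .WNCRY, so both are matched.
param(
    [string[]]$Roots = @('C:\Users', '\\fileserver\shares'),   # placeholders
    [datetime]$Since = (Get-Date '2017-05-12')
)

$patterns = '*.WCRY', '*.WNCRY'

# -ErrorAction SilentlyContinue keeps access-denied folders from aborting the sweep.
$hits = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Skipping $root (not reachable)"
        continue
    }
    Get-ChildItem -LiteralPath $root -Recurse -File -Include $patterns -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since }
}

if (-not $hits) { 'No encrypted files found under the given roots.'; return }

# Which directories (and therefore which shares / users) took the most damage.
$hits |
    Group-Object { $_.Directory.FullName } |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# The earliest encrypted files point at the first infected host, and the NTFS
# owner of an encrypted file is the account the worm was running as there.
$hits |
    Sort-Object LastWriteTime |
    Select-Object -First 10 LastWriteTime, FullName,
        @{ Name = 'Owner'; Expression = { (Get-Acl -LiteralPath $_.FullName).Owner } } |
    Format-Table -AutoSize
```

Run it from a clean machine with read access to the shares, not from a suspected host. The owner column matters on shared drives: a share encrypted by a single account tells you which workstation to pull off the network first.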


6. People have been advised against paying the ransom, since there is no guarantee that the files will be decrypted after paying. Still, it is said that victims have already paid more than US$70,000 to the three hard-coded bitcoin addresses, or "wallets", used to receive the payments. Because every victim pays into the same three addresses, the attackers have no reliable way of telling who has paid, which is a further reason not to expect a decryptor in return.

7. The attack was accidentally slowed down shortly after it began by a web security researcher, Marcus Hutchins, who blogs as "MalwareTech" and who unknowingly flipped an effective "kill switch" by registering a domain name he found in the code of the ransomware: before spreading, the worm tries to fetch that domain and exits if the request succeeds. The check is made without the system's proxy settings, so machines that can only reach the Internet through a web proxy never hit the kill switch and are not protected by it. New versions have also now been detected that lack the "kill switch".


8. As per Kaspersky, the countries most affected are Russia, India, Ukraine and Taiwan.

9. Here is the list of affected organizations in India (at least those who have admitted it):

a. Government of Kerala
b. Government of West Bengal
c. Government of Gujarat
d. Andhra Pradesh Police

10. Here is what "experts" are advising you to do to protect your data from this attack:

·       Keep your security software up to date.

·       Keep your operating system and other software updated. For WannaCry that means installing the MS17-010 update, and disabling SMBv1 (or blocking TCP port 445 from untrusted networks) where it is not needed.

·       Be careful of unexpected emails, especially if they contain links and/or attachments.

·       Unless you are absolutely sure that a Microsoft Office attachment comes from a trusted source, do not enable macros; delete the email instead.

·       Back up important data and ensure that backups are appropriately protected or stored off-line, since a worm that can reach a backup share over SMB will encrypt it too.

·       Using cloud services could help mitigate a ransomware infection, since many retain previous versions of files, allowing you to roll back to the unencrypted form.
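Checking that the patch is actually in place is the one item on that list most people skip. The following PowerShell is an added example, not from the original post or from Microsoft: it reports whether a host carries one of the MS17-010 updates, whether SMBv1 is still enabled, and whether port 445 is listening, and then offers the two hardening steps. The KB numbers are those in Microsoft's March 2017 MS17-010 bulletin plus the 13th May out-of-band KB4012598; later cumulative updates also contain the fix, so an empty result means "verify", not "vulnerable". The firewall rule name is an arbitrary placeholder.

```powershell
# Added example (not from the original post): check one Windows host for the
# MS17-010 fix and for SMBv1 exposure, then harden it. Run from an elevated
# PowerShell prompt.
# The KB numbers are the March 2017 MS17-010 security updates plus the
# 13 May out-of-band KB4012598 for XP / Server 2003 / Vista / Server 2008.
# Later cumulative updates and monthly rollups also contain the fix, so an
# empty result means "verify against the current update level", not "vulnerable".
$Ms17010Kbs = 'KB4012598', 'KB4012212', 'KB4012215', 'KB4012213', 'KB4012216',
              'KB4012214', 'KB4012217', 'KB4012606', 'KB4013198', 'KB4013429'

$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-Ms17010Patch {
    $found = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    if ($found) {
        "MS17-010 fix present: $($found.HotFixID -join ', ')"
    } else {
        "No MS17-010 KB reported by Get-HotFix; check cumulative updates before assuming exposure"
    }
}

function Get-Smb1Enabled {
    # Windows 8 / Server 2012 and later expose the SMB server settings as cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: the SMB1 registry value; when absent, SMBv1 is on.
    $v = Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $v) { return $true }
    return [bool]$v.SMB1
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWord -Value 0 -Force
        Write-Warning 'SMB1=0 written; Windows 7 / 2008 R2 needs a reboot for it to take effect'
    }
}

function Block-InboundSmb {
    # netsh works on every Windows version in scope, unlike New-NetFirewallRule.
    # Do this on workstations; on a file server it stops legitimate clients too.
    # The rule name is an arbitrary placeholder.
    netsh advfirewall firewall add rule name=Block_inbound_SMB_445 `
        dir=in action=block protocol=TCP localport=445 | Out-Null
}

# Report first, then change things.
Test-Ms17010Patch
"SMBv1 enabled: $(Get-Smb1Enabled)"
"TCP 445 listening on: $((netstat -an | Select-String ':445 .*LISTENING') -join '; ')"

# Remediate (uncomment once the report has been reviewed):
# Disable-Smb1
# Block-InboundSmb
```

Disabling SMBv1 breaks anything that only speaks the old dialect (old NAS boxes, printers, Windows XP clients), so inventory those first; blocking 445 inbound on workstations costs nothing, because a workstation should not be serving files to its neighbours anyway, and it is exactly that lateral path the worm uses.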

Duh!! So what they are saying is that the reputed multi-million-dollar organizations that have been infected worldwide didn't follow the above simple rules?

The Government of India has also tried to play an active role in spreading awareness about this ransomware by circulating this link: webcast.gov.in/cert-in/

Now the questions whispering in my head:

a. Why did the U.S. NSA ever create such horrendous tools, which can wreak havoc with people's computers? If they did create them, then why were they allowed to be leaked?
b. Why did Microsoft allow the creation of such vulnerabilities, which can be exploited so lethally? Shouldn't they be held liable?
c. Why is the fake media whipping up rumours that North Korea spread this malware even though there is no direct evidence, except for the chance similarity between code used by the Lazarus Group and WannaCry?
d. Why aren't servers worldwide designed to stem infections instead of spreading them?
e. Why is Bitcoin even allowed as a currency when it enables people to keep their identity secret? Doesn't this encourage terrorist activities?
f. How come all the supposedly "best brains" in the internet security business haven't been able to catch the perpetrators? Are they hand in glove with them? Right now they must be thanking them for the quantum leap in their business. Shouldn't the IT security heads of these billion-dollar firms be fired or prosecuted for failing to safeguard some of the topmost companies in the world?



2 comments:

  1. Many thanks for the informative article. Even my irresponsible AND where I work (it's an Indian bank) has been infected by WannaCry, but they are embarrassed to admit it to their customers. We have stopped issuing cash in many branches and I feel bad about having to lie to customers that it is a minor problem and the servers are down for maintenance. I heard my senior management is paying the ransom, that is the hard-earned money of our customers.

    1. LOL, even in my bank, which is a very large public sector Indian bank, several computers in many branches were affected. But the bank is scared to admit it. So now we are on WORK-HOLIDAYS, i.e. we turn up for work but have nothing else to do except sit and chat around. We do that anyway, but now even the customers cannot complain about us. My favorite word for this new digital age is "technical problems".