Do not pay ransom if affected by WannaCry and its variants, cybersecurity experts warn. Governments around the world, cybersecurity agencies and software providers have found effective ways to counter WannaCry ransomware.
Global efforts to track the culprits behind WannaCry and bring them to justice are underway. About half a million computers worldwide could be affected by the malware. The number could be higher as mutants appear. Yet there is no need to panic, governments and cybersecurity experts assure.
Understanding WannaCry Ransomware
The US Computer Emergency Readiness Team (US-CERT) defines ransomware as: “A type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it.”
It proliferates through email and other data sent from computers unprotected by an anti-malware firewall. Ransomware blocks access to data until ransom demands are fulfilled. WannaCry attacks through vulnerabilities in Microsoft Server Message Block 1.0 (SMBv1).
It proliferates via email sent from PCs and laptops running Windows systems that are unprotected by a firewall against malware. Such email could appear to have been sent by ordinary citizens and trusted sources.
When an infected email is opened, WannaCry launches and blocks access to all data unless a ransom is paid. Newer mutants of WannaCry are being detected worldwide and killed by cybersecurity experts before they spread. Cybersecurity agencies of various governments have put resources online to help defend against this ransomware.
WannaCry is billed as the biggest hack attack in world history to date. It has targeted some of the world’s biggest organizations for almost a week and remains active.
Android phones are not at risk from WannaCry and its mutants. However, emails received on smartphones may carry the ransomware and transmit it inadvertently. iPhone and BlackBerry are unaffected by WannaCry. However, updating anti-virus software on smartphones is recommended.
Am I at risk from WannaCry ransomware?
Any computer running the Windows operating system is at risk. As explained before, WannaCry and its mutants utilize SMBv1 vulnerabilities to attack.
Though Microsoft had launched a patch to plug this vulnerability, most computer users paid scant attention. Hence, anyone whose home PC/laptop and servers are unprotected by the patch is vulnerable.
Modus operandi of WannaCry
WannaCry embeds itself on unprotected devices and attaches itself to seemingly innocuous emails sent to targeted organizations. It primarily targets databases of government organizations, financial institutions including banks, corporate entities, and mobile and transportation networks.
In brief, it aims to disrupt services provided to ordinary citizens, with the criminal intent of extortion. It proliferates in various formats and can overwhelm unsuspecting Internet users if their anti-malware firewall is not updated. Once a database is hijacked, WannaCry perpetrators demand a ransom equivalent to US$600, to be paid in Bitcoin.
Protecting your data
Microsoft has also offered details about how WannaCry can attack computer systems and provided detailed tutorials for defence. Cisco has published a security alert bulletin and informed users how to defend against WannaCry.
For the uninitiated, updating Windows Defender and other firewalls on your PC/laptop will do the needful and protect against WannaCry, also called WannaCrypt, Wana Decryptor or WCry.
While the ransomware has targeted major organizations, home and individual computer/Internet users are not safe, since they could inadvertently serve as mediums to spread the malicious software. Cybersecurity experts have warned that Apple users are also at high risk from WannaCry.
Global efforts to counter WannaCry
Interpol, the world’s largest police organization with 190 member countries, has begun collecting forensic and other evidence to bring the culprits responsible for the WannaCry outbreak to justice.
The European Union’s unified law enforcement agency Europol and its cybercrime detection agency, European Cybercrime Detection Centre (EC3), are working with countries affected by WannaCry.
“The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a group of specialist international cyber investigators and is specially designed to assist in such investigations and will play an important role in supporting the investigation,” a Europol statement says.
In addition, Europol has teamed up with the Royal Netherlands Marechaussee (Dutch police) and industry partners to provide resources to WannaCry-affected countries and companies in Europe and elsewhere. Cybersecurity firm Check Point is providing a unique real-time threat tracking system that indicates the origin of the attack and the targeted countries.
Origin of WannaCry
Cybersecurity experts blame the US National Security Agency (NSA) for alleged leaks concerning the vulnerability of Microsoft’s SMBv1 system. Microsoft President Brad Smith blamed the NSA for stockpiling computer vulnerabilities.
Following the WannaCry outbreak, Smith decried the NSA and governments for maintaining secrecy over the alleged theft and leakage of software potentially useful for exploiting SMBv1 vulnerabilities.
The security breach reportedly went unreported. Consequently, patches released by Microsoft to plug this vulnerability were underutilized by computer users worldwide. Some cybersecurity experts blame elements in North Korea for the WannaCry attacks.
They aver that software footprints and other technical details of WannaCry closely resemble another malware unleashed from that country.
WannaCry and Bitcoin
The WannaCry ransomware attack is the world’s first in which ransom is demanded in Bitcoin, the globally popular cryptocurrency. The reason: trading in Bitcoin affords unparalleled anonymity.
Nobody knows who owns Bitcoins, or who sells or buys them. Unlike conventional currency, Bitcoin does not have physical substance. It owes its existence to cyberspace.
Currently, a single Bitcoin fetches close to US$1,700. The impact of WannaCry on Bitcoin trade in the world is unknown. But the fact that ransom was demanded in Bitcoin opens up several questions related to the future of cybercrime and the entire Bitcoin system.
Perpetrators of the ransomware attack might escape with impunity and enjoy the booty, which jeopardizes the future of Bitcoin. Reports from unverifiable sources claimed that WannaCry hackers had collected some US$20,000 worth of Bitcoin ransoms from entities hit by the ransomware.
Impact of WannaCry
The first attack by WannaCry ransomware was detected at 08:44 hours Greenwich Mean Time (GMT) on May 12, 2017. An unsuspecting Internet user inadvertently opened an email infected by WannaCry, setting off a chain of data hijacks for ransom.
- The first victim was reportedly Spain’s telecommunication services provider, Telefonica. The next was UK’s National Health Service.
- The ransomware attacked databases and hospitals across the UK, denying access to vital medical records of patients. WannaCry simultaneously struck other hospitals in the UK too.
- By afternoon, WannaCry had attacked France’s automobile major Renault.
- Germany’s railway network Deutsche Bahn was also attacked.
- In the US, freight forwarding giant FedEx was hit.
- Anti-virus maker Kaspersky states that 60 percent of victims were in Russia, though officials deny this.
- India’s Computer Emergency Response Team sounded a Critical Alert on May 13, 2017 but upgraded it to a Red Alert on May 14, 2017. On May 15, 2017, Indian banks decided to switch off some 60 percent of Automated Transaction Modules (ATMs) that could be affected by WannaCry.
- China’s officials announced that some computers using Windows operating systems were affected, without disclosing further details.
- Japan has yet to report any computer casualties. The Japanese government expects the impact to appear after May 18, 2017.
- Brazil’s social security system, foreign ministry and state-owned energy corporation Petrobras had to shut their websites following attempted attacks.
Impact on Bitcoin
The demand by WannaCry attackers for ransom in Bitcoins has raised serious questions over the world’s largest crypto-currency. The reason for demanding ransom in Bitcoin is that owners enjoy complete anonymity.
A host of news articles, letters and blogs questioning the future of Bitcoin and its possible use in future cybercrime can be found on the Internet. Sceptics believe the malware attack sounds the death knell for Bitcoin, since genuine buyers will now shun the crypto-currency due to fears of criminal investigations.