What does Malware mean for you?

What is the malware?


•The ransomware attack has several names (WanaCrypt0r, WannaCrypt, or Wana Decrypt0r) but many have been referring to it as WannaCry.

•The attackers remain unknown, for now.

•What WannaCry apparently does is leverage a Microsoft OS exploit, reportedly designed by the National Security Agency in the USA, to encrypt a targeted computer’s files.

•The exploit, called ETERNALBLUE, was leaked online by a hacker group calling themselves The Shadow Brokers.

•This attack also uses what is called a DOUBLEPULSAR exploit, which is activated after ETERNALBLUE. Think of it as a one-two punch: ETERNALBLUE knocks down the front door, exploiting the outer defences, then DOUBLEPULSAR delivers the virus. It is much better explained here.

•What WannaCry exploits is a vulnerability in the SMBv1 protocol. SMB stands for Server Message Block. The protocol governs how computers connected to an online network or server communicate with each other to send info back and forth.

•The Shadow Brokers apparently came onto the world hacking scene in 2016.

•They claim to have stolen the MOS exploit from an NSA-affiliated hacking team called The Equation Group. It is thought that the exploit, which held at least 200,000 computers worldwide hostage in more than 150 countries, was leaked online last month.

•The Shadow Brokers published a statement in a blog post in April 2017 blaming Donald Trump for “abandoning ‘your base’” and the “peoples who getting you elected”.

•This type of attack is called a ransomware attack. Files are encrypted but the victim has the opportunity to undo the attack if they pay a fee.

•Ransomware is a virus which, in theory, doesn’t harm the computer system or its files. The point is to hold those systems hostage.

•The catch is that a victim has only so much time to pay the ransom before their files are forever encrypted or, worse, the attacker wipes the computer clean and you lose everything.

What is the “ransom”, what is bitcoin?

•The attackers in this hack asked for $300 worth of Bitcoin currency before unlocking a hostage computer.

•Victims had three days to pay. At the end of the three days, the ransom was doubled. If a victim had not paid by seven days, their files would be forever encrypted.

•Bitcoin is a digital currency which anyone can purchase using real government-issued money. It functions on a network of users who transact directly with each other – no middlemen like banks. It is a scarce digital commodity – there are only 21 million bitcoins available for all users.

•$300 = 0.17129 bitcoin

•$1 = 0.00057 bitcoin

Are you (the individual user) at risk? Of what?

•Yes. You are. If you are operating a non-updated computer you are at risk of being a victim of this attack. Microsoft created a patch to fight against the vulnerability. If you haven’t already run it – do so.

How do you protect yourself?

•Forbes on Saturday published a story on how a 22-year-old in the UK helped cripple the spread of the virus. He found a vulnerability in the virus and it was all very lucky. You can read the article here.

•The exploit had been on Microsoft’s radar for a while now. In March the company released a patch which addressed a computer’s SMBv1 vulnerability. The problem is, not everyone has run this patch and, as we’ve found out, it was those institutions with the most outdated machines (like the NHS) that were most affected.

•Of course, there might be subsequent generations of this type of attack in the future. Normally, if one is good about regularly updating systems and processes, this type of attack shouldn’t be an issue.

•There are ways of detecting whether your computer has the vulnerability exploited by the virus: https://www.netfort.com/blog/detect-wannacry-ransomware/
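
One way to see which machines on a network still speak SMBv1, the protocol version named above, is to look at the first message each file server sends back on TCP port 445. The Python sketch below is an added example, not code from this article or from the linked page; it shows which servers still accept SMBv1, not whether the March patch is installed. The byte offsets follow the standard SMB message header, and the sample traffic and addresses are constructed for illustration.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"   # SMB2 and SMB3 both use \xfeSMB
SMB1_NEGOTIATE, SMB1_REPLY_FLAG, NO_DIALECT = 0x72, 0x80, 0xFFFF

def smb_body(payload: bytes) -> bytes:
    """Strip the 4-byte session header (type 0x00 + 24-bit length) from a TCP/445 payload."""
    if len(payload) < 8 or payload[0] != 0x00:
        return b""
    length = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + length]
    return body if len(body) == length else b""    # truncated capture: ignore it

def classify(payload: bytes) -> str:
    """Name the protocol family of one message: 'smb1', 'smb2+' or 'unknown'."""
    return {SMB1_MAGIC: "smb1", SMB2_MAGIC: "smb2+"}.get(smb_body(payload)[:4], "unknown")

def accepted_smb1(payload: bytes) -> bool:
    """True for a successful SMBv1 negotiate response that selected a dialect."""
    body = smb_body(payload)
    if len(body) < 35 or body[:4] != SMB1_MAGIC or body[4] != SMB1_NEGOTIATE:
        return False
    status, flags = struct.unpack_from("<IB", body, 5)               # header bytes 5..9
    word_count, dialect_index = struct.unpack_from("<BH", body, 32)  # first reply fields
    return (bool(flags & SMB1_REPLY_FLAG) and status == 0
            and word_count > 0 and dialect_index != NO_DIALECT)

def smb1_servers(records) -> list:
    """records: (src_ip, dst_ip, payload) tuples. Returns the servers that agreed to SMBv1."""
    return sorted({src for src, _dst, payload in records if accepted_smb1(payload)})

# --- Constructed sample traffic (not a real capture; addresses from 192.0.2.0/24) ---
def _frame(body: bytes) -> bytes:
    return b"\x00" + len(body).to_bytes(3, "big") + body

def _smb1(flags: int, params: bytes) -> bytes:
    return _frame(SMB1_MAGIC + bytes([SMB1_NEGOTIATE]) + bytes(4) + bytes([flags]) + bytes(22) + params)

REQUEST = _smb1(0x00, b"\x00" + struct.pack("<H", 12) + b"\x02NT LM 0.12\x00")
SMB1_OK = _smb1(0x80, bytes([17]) + struct.pack("<H", 0) + bytes(34))
SMB1_REFUSED = _smb1(0x80, bytes([1]) + struct.pack("<H", NO_DIALECT) + bytes(2))
SMB2_REPLY = _frame(SMB2_MAGIC + struct.pack("<H", 64) + bytes(58))

SAMPLE = [
    ("192.0.2.10", "192.0.2.20", REQUEST), ("192.0.2.20", "192.0.2.10", SMB1_OK),
    ("192.0.2.10", "192.0.2.30", REQUEST), ("192.0.2.30", "192.0.2.10", SMB2_REPLY),
    ("192.0.2.10", "192.0.2.40", REQUEST), ("192.0.2.40", "192.0.2.10", SMB1_REFUSED),
]

if __name__ == "__main__":
    print("Servers still accepting SMBv1:", smb1_servers(SAMPLE))
```

Servers that show up in the result are the ones to update first or to have SMBv1 switched off.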