The WannaCry ransomware cyber attack struck on Friday, 12 May 2017, infecting more than 230,000 computers in more than 150 countries. The attack software demanded ransom payments in the cryptocurrency Bitcoin in 28 languages.
According to the report, the attack affected Telefonica and several other large companies in Spain, as well as parts of Britain's National Health Service, FedEx, Deutsche Bahn and LATAM Airlines. Other targets in at least 99 countries were also reported to have been attacked around the same time.
The attack spread by phishing emails and also used the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA). It spread through networks that had not recently been updated with security patches.
It spread quickly through the network like a worm. It encrypted the files on the system and blocked the user from accessing critical information. At the time of the attack, the software displayed a popup blocking the user's access to the system and asking for payment of $300 to $600 in Bitcoin to unlock the files on each affected computer. There is no guarantee of getting access to the system back after making the payment.
Europol Director Rob Wainwright told ITV's Peston program that the attack was indiscriminate. Wainwright called the fast-spreading hack “unique” because ransomware was being used in combination with a worm, meaning that the infection of one computer could automatically spread it through an entire network.
The attack affected many national health services, hospitals, airlines and banks, and even MRI scanners, blood-storage refrigerators, theater equipment and up to 70,000 devices.
Nissan Motor Manufacturing UK in Tyne and Wear, England, halted production after the ransomware infected some of its systems. Renault also stopped production at several sites after its systems were affected. The attack could have been worse had an anonymous security expert, who was independently researching the malware, not discovered that a kill switch had been built in by its creator.
Cyber security expert Ori Eisen said that the attack appears to be low-level, demanding just $300 to $600. He also stated that the same thing could be done to crucial infrastructure like a nuclear power plant, dams or railway systems.
[Video: WannaCry ransomware attack mapping timelapse]
Several hours after the initial release of the ransomware on 12 May 2017, a researcher who blogs under the name MalwareTech accidentally discovered what amounted to a “kill switch” hard-coded in the malware while attempting to establish the scale of the attack. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer’s files if it was unable to connect to that domain, which all computers infected with WannaCry before the website’s registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere. Analysis of the kill switch suggested that it may actually be a bug in the malware, whose code was originally meant to make the attack harder to analyze. However, the kill switch domain must be available locally, and the response must be able to reach the malware for it to work effectively. Some network configurations could prevent the kill switch from working.
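The caveat above can be checked from resolver logs: any host that looks up the kill-switch domain has probably run the malware, and a host whose lookup failed never got the answer that stops encryption. The following triage script is an added example, not code from the original article; the domain is a placeholder (the article does not give the real one) and the log format and sample lines are constructed.

```python
from collections import defaultdict

# Placeholder: the article does not name the kill-switch domain; substitute the real one.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log: timestamp, client IP, query name, rcode, answer
SAMPLE_LOG = """\
2017-05-12T14:02:11Z 10.0.4.17 killswitch-placeholder.example NOERROR 192.0.2.10
2017-05-12T14:02:15Z 10.0.4.23 killswitch-placeholder.example NXDOMAIN -
2017-05-12T14:03:40Z 10.0.4.23 killswitch-placeholder.example NXDOMAIN -
2017-05-12T14:05:02Z 10.0.7.9 www.example.org NOERROR 192.0.2.80
2017-05-12T14:06:30Z 10.0.9.5 KillSwitch-Placeholder.example. SERVFAIL -
2017-05-12T14:07:00Z 10.0.4.17 killswitch-placeholder.example NOERROR 192.0.2.10
malformed line
"""

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch domain to a status.

    Every client returned is a suspected infection. A client with any failed
    lookup is marked 'kill_switch_unreachable': encryption was not stopped
    there, so it is first in line for isolation.
    """
    target = normalize(domain)
    counts = defaultdict(lambda: {"ok": 0, "failed": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:          # skip malformed or truncated lines
            continue
        _ts, client, qname, rcode, answer = fields
        if normalize(qname) != target:
            continue
        resolved = rcode == "NOERROR" and answer != "-"
        counts[client]["ok" if resolved else "failed"] += 1
    return {
        client: "kill_switch_unreachable" if c["failed"] else "kill_switch_resolved"
        for client, c in counts.items()
    }

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}\t{status}")
```

A successful lookup only shows that DNS resolved; as the paragraph notes, the response from the domain must also reach the host, so clients marked `kill_switch_resolved` still need isolation and patching.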
Microsoft released a statement recommending that users install update MS17-010 to protect themselves against the attack. In an unusual move, the company also created security patches for several now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.