We saw Microsoft express a mix of relief and frustration in the statement it released: “We fixed this vulnerability two months ago! If you had all updated your security settings in Windows, this wouldn’t be a problem!”
Last Friday a ransomware called “WannaCry” created havoc across thousands of computers around the world. Unfortunately, a lot of people didn’t apply the patch and are now caught in trouble. A rough estimate shows that users in 150 countries were affected. Organizations of all sizes, from hospitals, railway systems, FedEx and Russian government agencies to manufacturing firms, were caught unaware. They were cut off from their servers, their files ripped through, accounts seized and more. According to Europol, nearly 200,000 computers had been infected.
The WannaCry Modus Operandi
A virus or ransomware usually spreads when users unwittingly click on an unsafe link or email attachment that carries the malware. The creators of WannaCry, however, made use of an old flaw in Microsoft Windows (a hole in the code), which allowed them to remotely take control of a computer and install the encryptor. So even if a user never clicks on any link, the malware can still find its way into the system.
Users who didn’t update their computers with Microsoft’s latest patch were booted out within seconds. The malware denied them any access and demanded $300 (in bitcoin) in exchange for getting their computer and data back. The victim had three days to pay; after that, the amount doubled to $600. Nevertheless, security experts say WannaCry could only fetch USD 37,000 in ransom. According to Check Point Security, victims have not been able to retrieve their files even after paying. This may not be big money, but taking into account the havoc this malware has created, it looks like many more businesses might fall prey, paying in the expectation of getting their data back. Those behind WannaCry are not responding, and it’s quite unlikely that they will decrypt anybody’s files as promised, says Check Point.
Meanwhile a 22-year-old cybersecurity analyst in the UK “accidentally” managed to stop the spread of WannaCry when he unwittingly activated a “kill switch” in the malicious software. According to him, the malware was connecting to an unregistered domain with a long string of letters, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. He checked whether the preposterous domain was registered; it wasn’t, so he bought it for $10.69. It turns out that the domain was intended as a backup plan for the malicious hackers in case they wanted to stop the spread of WannaCrypt. As soon as the domain was registered, thousands of connections a second began flooding in.
He had triggered the “kill switch” that was hardcoded into the malware. When the malware makes a request to the domain and finds it live, the kill switch stops the spread.
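Because every infected host performs that start-up lookup, a resolver log is a cheap place to find machines that ran the worm. Here is an added example (not code from the article or from MalwareTech) that scans constructed DNS resolver log lines for the kill-switch domain named above and reports the hosts that queried it; the log line format is an assumption.

```python
import re
from collections import defaultdict

# The kill-switch domain hardcoded into WannaCry, as named in the article.
KILL_SWITCH_DOMAINS = {
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
}

# Constructed sample lines in a simple "timestamp client query: name type"
# resolver-log shape (an assumption; adapt LINE_RE to your resolver's format).
SAMPLE_DNS_LOG = """\
2017-05-12T10:14:03Z 10.0.4.17 query: www.example.com A
2017-05-12T10:14:09Z 10.0.4.17 query: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com A
2017-05-12T10:14:10Z 10.0.4.17 query: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com A
2017-05-12T10:15:31Z 10.0.7.2 query: update.example.org A
2017-05-12T10:16:02Z 10.0.9.44 query: IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. A
malformed line that should be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query:\s+(?P<name>\S+)\s+\S+")


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def find_kill_switch_queries(log_text: str) -> dict:
    """Return {client_ip: [timestamps]} for hosts that queried a kill-switch domain.

    Any such host executed the worm's start-up check, whether or not the
    request reached the sinkhole, so it should be treated as infected.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected shape
        if normalize(m.group("name")) in KILL_SWITCH_DOMAINS:
            hits[m.group("client")].append(m.group("ts"))
    return dict(hits)


if __name__ == "__main__":
    for client, times in sorted(find_kill_switch_queries(SAMPLE_DNS_LOG).items()):
        print(f"{client}: {len(times)} kill-switch lookup(s), first at {times[0]}")
```

A host on the resulting list ran the worm, so it should be isolated and patched even if none of its files were encrypted.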
“It will be back”, said the 22-year-old MalwareTech. “This is not over. The attackers will realize how we stopped it, they’ll change the code and then they’ll start again. Enable Windows Update, update and then reboot.”
How Does WannaCry Ransomware Work?
Protect your organization with Containment Technology!
Your risk of infection depends on how adventurous you are, so how can you be sure that you are definitely not going to get a virus on your system? Virus removal software (antivirus) can help to a large extent, but beyond that there is something called Automatic Containment Technology (ACT). This defeats zero-day attacks better than any other security product.
- When an unknown process tries to gain access to user data, ACT takes the file and places it in a confined area of the system, where it cannot access or damage user data.
- Whether the unknown files are malicious or safe, they run in the sandbox just as well as they would on the system. However, they cannot damage or infect the system because they cannot access the underlying system.
This allows safe applications the freedom to run as needed while denying malicious applications the system access they require to deliver their payloads. If the processes are determined to be good, they are automatically released out of the secure container, contingent upon the administrator’s policy.