15 May 2017

World Under Ransomware Cyber Attack

In the wake of last week’s attack, a cyber nightmare has paralyzed computers and worried IT specialists around the world. The malware, called WannaCry, attacked over 200,000 computers in 150 countries across the globe.

The attack started in the early hours of Friday and continued through the weekend. WannaCry, software that enters computers and blocks their files until a ransom is paid, mainly affected government institutions and private companies. In the UK, over 20 hospitals have suffered the strike, causing disruption to their work and worries among the public. In Europe, the malware hit Deutsche Bank, Telefonica – the biggest Spanish telecom – and also Russia’s interior ministry. WannaCry was received by the US logistics giant FedEx and two of the biggest car manufacturers in the world – Nissan and Renault.

The money for the cyber-ransom was linked to three accounts. According to the BBC, only around £29,400 (all in bitcoins) has been paid so far, but they expect the sum to increase because, according to the ransomware message, the cost will double after three days. If no payments are made within a week, the malicious programme threatens to delete all files on the attacked computer.

The attack spread like lightning and caught hundreds of IT departments unprepared on Saturday and Sunday. It is believed that the fast spread is due to a type of virus known as a worm: unlike other programs that need a click on an attachment to start, this one moves around the network by itself. After the initial fast spread, the malware was slowed down through the joint expertise of IT specialists from around the world. The 22-year-old British IT specialist Marcus Hutchins was identified as the first who managed to slow the spread of the ransomware. The young researcher, who has the Twitter account MalwareTech and enjoys playing games in his parents’ house, registered a corrupted domain name hidden in the malware, hoping to track the virus. Instead, his action halted the spread of the ransomware and turned him into an “accidental hero”. Hutchins even published a blog post titled “How to Accidentally Stop a Global Cyber Attacks”, explaining exactly what he did.

Early this morning the spread of the malware was controlled and only an accidental case was registered. However, IT specialists around the world are concerned that the threat hasn’t disappeared and another attack is on the way.

Who did it?

Surprisingly, the roots of the malware were traced back to the US National Security Agency (NSA). According to the investigation in March, Microsoft has been working on a malware weakness in the NSA system. Apparently, WannaCry was built to exploit a bug found in the NSA system. In April, the hacking group Shadow Brokers reported that they had breached the NSA’s system and leaked the security weakness. Elements of that malicious software were found in this weekend’s attack. “It would be deeply troubling if the NSA knew about this vulnerability but failed to disclose it to Microsoft until after it was stolen,” Patrick Toomey, a lawyer working for the American Civil Liberties Union, commented.

At the moment, the spread of the malware has been contained. However, it is still unclear how much of the ransom money will be collected. The unusual way of collecting the money via Bitcoin raises another issue for the investigation – Bitcoin wallets are harder to trace.