Wana Crypt 2.0 cyber attack in Britain

The ‘WanaCrypt0r 2.0’ malicious software has hit the NHS and some of Spain’s largest companies, including Telefónica, as well as computers across Russia, the Ukraine and Taiwan, leading to PCs and data being locked up and held for ransom.

The ransomware uses a vulnerability first revealed to the public as part of a leaked stash of NSA-related documents in order to infect Windows PCs and encrypt their contents, before demanding payments of hundreds of dollars for the key to decrypt files.
The co-ordinated attack had managed to infect large numbers of computers across the health service less than six hours after it was first noticed by security researchers, in part due to its ability to spread within networks from PC to PC.
The ransomware has already disrupted hospital facilities across Britain – but what is it, how does it spread and why is this happening in the first place?

What is ransomware?

Ransomware is a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it.

How does it work?

When a computer is infected, the ransomware typically contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – and threatens to destroy the information if it doesn’t get paid, often with a timer attached to ramp up the pressure.

How does it spread?

Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.

What is WanaCrypt0r 2.0?

The malware that has affected Telefónica in Spain and the NHS in Britain is the same software: a piece of ransomware first spotted in the wild by the security researchers Malware hack team at 9:45am on 12 May.
Less than four hours later, the ransomware had infected NHS computers, albeit only in Lancashire, and spread laterally throughout the NHS’s internal network. It is also being called Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2.

How much are they asking for?

WanaCrypt0r 2.0 is asking for $300 worth of the cryptocurrency Bitcoin to unlock the contents of the computers.

Who are they?

The creators of this piece of ransomware are still unknown, but WanaCrypt0r 2.0 is their second attempt at cyber-extortion. An earlier version, named WeCry, was discovered in February this year: it asked users for 0.1 bitcoin (currently worth $177, but with a fluctuating value) to unlock files and programs.

How is the NSA tied in to this attack?

Once one user has unwittingly installed this particular flavour of ransomware on their own PC, it tries to spread to other computers in the same network. In order to do so, WanaCrypt0r uses a known vulnerability in the Windows operating system, jumping from PC to PC.

Was there any defence?

Yes. Shortly before the Shadow Brokers released their files, Microsoft issued a patch for affected versions of Windows, ensuring that the vulnerability couldn’t be used to spread malware between fully updated versions of its operating system. But for many reasons, from lack of resources to a desire to fully test new updates before pushing them out more widely, organisations are often slow to install such security updates on a wide scale.

Who are the Shadow Brokers? Were they behind this attack?

In keeping with almost everything else in the world of cyberwarfare, attribution is tricky. But it seems unlikely that the Shadow Brokers were directly involved in the ransomware strike: instead, some opportunist developer seems to have spotted the utility of the information in the leaked files, and updated their own software accordingly. As for the Shadow Brokers themselves, no-one really knows, but fingers point towards Russian actors as likely culprits.

Will paying the ransom really unlock the files?

Sometimes paying the ransom will work, but sometimes it won’t. For the Cryptolocker ransomware that hit a few years ago, some users reported that they really did get their data back after paying the ransom, which was typically around £300. But there’s no guarantee paying will work, because cybercriminals aren’t exactly the most trustworthy group of people.
There is also a collection of viruses that go out of their way to look like ransomware such as Cryptolocker, but which won’t hand back the data if victims pay. Plus, there’s the ethical issue: paying the ransom funds more crime.

What else can I do?

Once ransomware has encrypted your files there’s not a lot you can do. If you have a backup of the files you should be able to restore them after cleaning the computer, but if not your files could be gone for good.
Some badly designed ransomware, however, has been itself hacked by security researchers, allowing recovery of data. But such situations are rare, and tend not to apply in the case of widescale professional hits like the WanaCrypt0r attack.

How long will this attack last?

Ransomware often has a short shelf life. As anti-virus vendors cotton on to new versions of the malware, they are able to prevent infections originating and spreading, leading to developers attempting “Big Bang” introductions like the one currently underway.

Will they get away with it?

Bitcoin, the payment medium through which the hackers are demanding payment, is difficult to trace, but not impossible, and the sheer scale of the attack means that law enforcement in multiple countries will be looking to see if they can follow the money back to the culprits.

Why is the NHS being targeted?

The NHS does not seem to have been specifically targeted, but the service is not helped by its reliance on old, unsupported software. Many NHS trusts still use Windows XP, a version of Microsoft’s operating system that has not received publicly available security updates for half a decade, and even those which are running on newer operating systems are often sporadically maintained. For an attack which relies on using a hole fixed less than three months ago, just a slight oversight can be catastrophic.
Attacks on healthcare providers across the world are at an all-time high as they contain valuable private information, including healthcare records.