On Friday, May 12, 2017, a large cyber attack was launched, known as WannaCry or WannaCrypt. The well-coordinated ransomware attack infected more than 200,000 computers across 150 countries in its first wave according to Europol. The malware paralyzed hospitals to perform surgeries, interrupted transport networks, and Russian and Chinese private and public institutions are said to be disabled most of the day.
What’s with this ransomware?
WannaCry is a ransomware program targeting the Microsoft Windows operating system based on a cyber-weapon known as EternalBlue, developed by the US National Security Agency.
It was stolen and published online last year by a group known as the Shadow Brokers, alleged to be connected to Russia’s spy agencies. The ransomware started taking over users' files on Friday, demanding $300 to restore access.
EternalBlue, fabricated to exploit the then-unknown Windows software loophole, was used as a platform by WannaCry’s operators to amplify the malware. The virus spread across organizations via any file-sharing protocols, such as drop boxes for documents or databases, or by phishing emails. Older, unsupported operating systems such as Windows XP and Windows Server 2003 were particularly at risk, but Microsoft has now taken a step to release updates to prevent the spread of the malware.
More than 1.3 million computer systems are still vulnerable to the ransomware.
Places attacked
A White House official said that the US President Donald Trump ordered an emergency White House meetings on Friday and Saturday to identify the culprits and the threat posed by the cyber attack. So far, the main targets of the attack have been outside the United States.
But neither the federal government nor the American corporations assume that this will continue to be the case.
According to experts on guard for new attacks, several variants of the said malware have begun to flourish. Matthieu Suiche of Comae Technologies, a cyber security company based in the United Arab Emirates said that currently, what we are experiencing is the second wave.
The attackers have released new variants of the malware and we can surely expect more.
There were reports of new cases over the weekend in Japan, South Korea and Taiwan. The National Police Agency in Japan found two computers with the malicious software over the weekend, according to reports by NHK. One was found on a personal computer in a hospital, while the other was on a private citizen’s home computer. A hospital in Taiwan also reported that one of its computers was infected, Taiwan’s Central News Agency said.
Additional details
WannaCry ransomers had received only 23.2 bitcoins, or roughly $40,000, in ransom payments from 157 sources according to bitcoin transaction data accessible through bitcoin.info, as of Monday morning.
Shortly after the attack began, a researcher, going by the name of Marcus Hutchins found an effective kill switch which halted the spread of infection, but new and repurposed version of WannaCry have now been detected that lack the kill switch.
