WannaCry Ransomware: Why Was the Attack Such a Big Deal?

Hello 3xploi7er, back again here. Today we will share about WannaCry.

Hospitals in the UK couldn’t get access to their systems and were turning patients away. Car factories in France had to shut down. A Spanish telecommunications company told their employees to shut down their computers. Computers all over the world were being infected by WannaCry, a massive hacking attack that caused worldwide computer chaos.
By May 14th, more than 200,000 computers in more than 150 countries had been affected. And yet, the attack didn’t seem to cause much long-term damage. The hackers only made about $100,000 in total. We just witnessed one of the largest and strangest computer attacks ever. WannaCry is an example of a type of attack called ransomware, where the data on an infected computer is encrypted or scrambled.
In return for restoring access to your files, the hackers demand a ransom payment — in this case, either $300- or $600-worth of the digital currency bitcoin. There are lots of kinds of ransomware out there, but WannaCry spread very quickly using a tool that security experts believe was created by the NSA. To be clear, the NSA wasn’t interested in ransom, just in snooping, but they created a tool that took advantage of a security weakness in Microsoft software.
This tool, dubbed EternalBlue, exploits a vulnerability in something called the Server Message Block, or SMB protocol. The SMB protocol is basically a system for sharing file access across a network. It’s used by lots of people all the time, and the reason why you might never have heard of it is that normally, it’s totally safe. Well, the NSA discovered that in some versions of Windows, the SMB protocol can be tricked into accepting packets of data from remote attackers.
EternalBlue was designed to use that flaw as a way in. That’s pretty freaky to think about, but no one outside of the NSA would have known about it — and WannaCry might never have happened — if it weren’t for a leak earlier this year. In April, the Shadow Brokers, a group of hackers that’s thought to be tied to Russia, stole EternalBlue from the NSA and published the exploit online.
Microsoft quickly released a patch for the issue for the operating systems they still officially support, like Windows 7 and Windows 10. In theory, that should have headed off any potential problems. With the patch, EternalBlue would be useless. But, not everyone actually installs patches and updates their systems regularly.
I mean, at some point we’ve all clicked the button saying "tomorrow! Remind me tomorrow!". It's annoying. And more than 5% of Windows computers are still running XP, even though Microsoft stopped releasing security updates for it three years ago. So, people and organizations worldwide were left with a gaping hole in their cybersecurity, which WannaCry took advantage of.
The UK’s National Health Service hospital system was especially vulnerable because as recently as last year, computers in 90% of NHS hospitals were still running XP. It’s easy to blame the hospitals for using a 16-year-old operating system. Like, it doesn’t seem that hard to upgrade. But it’s not that simple.
From MRIs to microscopes, practically everything in hospitals uses computer programs, and it’s often hard to get them to work properly with newer operating systems. So upgrading everything would have been a major IT investment. The hospitals’ data was all backed up, though, so within a day of the attack, pretty much everything was up and running again, no ransom payments needed.
But just like not everyone downloads and installs those annoying software updates promptly, not everyone is as vigilant about backing up as they should be. So even though most big organizations were fine, lots of individual people were losing access to their data. That is, until someone discovered that WannaCry had a major flaw: a kill switch that an anonymous cyber security expert in England discovered almost by accident.
The hero, who goes by the name MalwareTech, was looking through the WannaCry code as it spread on Friday and found that it was built to check whether or not a specific gibberish URL led to a live website. So he registered the domain name to see what would happen. And it turned out to be a kill switch built in by the ransomware’s creators. Registering the URL was a signal that stopped the malware from spreading.
New variants of the malware have popped up and continued to spread, but they’ve mostly included their own kill switch domain names, leading to a game of cyber security whack-a-mole. It’s not clear why the hackers behind the attack included this in the code, but we’re lucky they did. And that’s the thing: the part of the ransomware’s code that’s based on EternalBlue is really sophisticated. But according to security experts, having a kill switch was an amateur mistake.
So was the way the hackers set up their ransom payment system. They didn’t code it in a way that let them keep track of who actually paid the ransom, and it’s set up so they would have to decrypt each victim’s files manually. Which might explain why almost no one seems to have gotten their files decrypted. But a more sophisticated attack could have done a lot more damage.
At this point, there’s no reason anyone else should be affected by WannaCry or its copycats: Microsoft released special one-time patches for old operating systems that are vulnerable, including Windows XP, so no matter what you’re running, you’re safe if you update. And if you were infected by WannaCry, security researchers have released tools that can decrypt your files as long as you haven’t rebooted your computer. We still don’t know for certain who was behind this, and we may never find out.
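The kill-switch check described earlier also leaves a trace defenders can use: a machine that looks up the kill-switch domain has run the malware. The script below is an added example, not part of the original article; the domain is a placeholder (the article does not give the real one), and the log format and sample lines are constructed for illustration.

```python
"""Flag hosts whose DNS lookups match a ransomware kill-switch domain."""
from collections import defaultdict

# Placeholder value, NOT the real WannaCry domain (the article does not give it).
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}

# Constructed sample resolver log; assumed format:
# "<ISO timestamp> <client IP> <query name> <record type>"
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 www.example.org. A
2017-05-12T09:14:05Z 10.0.4.23 KillSwitch-Placeholder.example. A
2017-05-12T09:14:09Z 10.0.4.23 killswitch-placeholder.example A
2017-05-12T09:15:40Z 10.0.7.8 killswitch-placeholder.example.lookalike.test. A
2017-05-12T09:16:11Z 10.0.9.2 killswitch-placeholder.example. AAAA
malformed line without enough fields
"""


def normalize(qname):
    """Lower-case the name and drop the trailing root dot for exact matching."""
    return qname.rstrip(".").lower()


def find_suspect_hosts(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: [timestamps]} for exact kill-switch lookups."""
    wanted = {normalize(d) for d in domains}
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, client, qname, _qtype = parts
        # Exact match only: a longer name that merely starts with the
        # domain (the lookalike line above) is not the kill-switch check.
        if normalize(qname) in wanted:
            hits[client].append(ts)
    return dict(hits)


def triage(hits):
    """List suspect hosts ordered by their first lookup, earliest first."""
    return sorted(hits, key=lambda ip: hits[ip][0])


if __name__ == "__main__":
    found = find_suspect_hosts(SAMPLE_LOG)
    for ip in triage(found):
        print(ip, "first seen", found[ip][0], "lookups:", len(found[ip]))
```

Because the malware stops only when the check finds a live site, resolvers and proxies should let the kill-switch domain resolve (or answer it from an internal sinkhole) instead of blocking it.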
This won’t be the last time a malware attack sweeps the planet, though. Hackers are always finding new vulnerabilities, and there are always going to be people who don’t update right away. So, WannaCry’s lesson is clear: install those updates, and back up your stuff.
Hopefully we don’t have to make another news episode about a massive computer attack any time soon, but if you want to learn more about some really bad ones, check out our article about the worst computer viruses of all time.