Latest Large-Scale Ransomware Campaign Impacting Many Organisations Globally – Wannacry Ransomware


Isn’t everyone talking about the Wannacry ransomware? The impact of this cyberattack was felt all around the planet. Let us get into the details of the attack, which shook organisations from within. Ransomware is software that finds a way onto your computer and runs harmful files that block access to it, then asks for money to release it. Wannacry did exactly this: it encrypted all the data on a computer connected to a network and then demanded money in return for decrypting it.

The ransom had to be paid in Bitcoin, the controversial digital payment system. The amount demanded was $300 initially, and it would double after a period of 3 days. The ransomware also threatened to lock your computer forever if the amount wasn’t paid within 7 days of the attack. Initial reports indicate that it started infecting computers in Asia on 12th May 2017 at around 7:44 UTC. It then spread to infect over 230,000 computers in more than 150 countries around the world. FedEx, Deutsche Bahn, Spain’s Telefonica, and parts of Britain’s NHS (National Health Service) were also affected. The four most affected countries were Taiwan, India, Ukraine and Russia.

The sheer magnitude of this attack left everyone dumbstruck in the beginning. Every organisation using the Microsoft Windows operating system was targeted. Systems running older versions of Windows such as XP, and systems lacking the latest security updates, were also targeted. Reports from a study conducted by Kaspersky Lab suggest that over 98 percent of infected computers were running Windows 7.

The cause of this cyberattack is said to have been a known vulnerability in the way Windows operating systems implement the Server Message Block (SMB) protocol. The Wannacry ransomware worm finds potential target computers on a network and installs itself with the help of DoublePulsar, a backdoor implant tool (a backdoor is a method of bypassing the normal authentication in a computer system or one of its parts, such as a particular piece of software or a service). EternalBlue, the network infection vector (the path or means by which a hacker gains access to a computer or network server), also exploits the vulnerability in the SMB protocol.
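A worm that searches a network for SMB hosts, as described above, leaves a recognisable trace in flow logs: one source contacting many different machines on TCP port 445 in a short time. The following detection sketch is an added example, not part of the original article; the log format, the 60-second window, the threshold of 5 and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445                    # TCP port for SMB
WINDOW = timedelta(seconds=60)    # assumed sliding window
THRESHOLD = 5                     # assumed: distinct SMB peers per window before alerting

# Constructed sample flow records (time-ordered): "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2024-01-01T09:00:00 10.0.0.50 10.0.0.5 445
2024-01-01T09:00:01 10.0.0.23 10.0.0.1 445
2024-01-01T09:00:02 10.0.0.23 10.0.0.2 445
2024-01-01T09:00:03 10.0.0.23 10.0.0.3 445
2024-01-01T09:00:03 10.0.0.77 10.0.0.1 445
2024-01-01T09:00:04 10.0.0.23 10.0.0.4 445
2024-01-01T09:00:05 10.0.0.23 10.0.0.5 445
2024-01-01T09:00:06 10.0.0.23 10.0.0.9 443
2024-01-01T09:05:00 10.0.0.77 10.0.0.2 445
2024-01-01T09:10:00 10.0.0.77 10.0.0.3 445
2024-01-01T09:15:00 10.0.0.77 10.0.0.4 445
2024-01-01T09:20:00 10.0.0.77 10.0.0.5 445
"""

def smb_fanout_alerts(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each flagged source to the time it first reached `threshold`
    distinct SMB destinations inside `window`. Input must be time-ordered."""
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still inside the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts_text, src, dst, port = line.split()
        if int(port) != SMB_PORT or src in alerts:
            continue              # ignore non-SMB traffic and already-flagged hosts
        ts = datetime.fromisoformat(ts_text)
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:
            seen.popleft()        # expire connections older than the window
        if len({d for _, d in seen}) >= threshold:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for host, when in smb_fanout_alerts(SAMPLE_FLOWS.splitlines()).items():
        print(f"{when.isoformat()} {host} reached {THRESHOLD} hosts on TCP/{SMB_PORT} within {WINDOW}")
```

In the sample, only 10.0.0.23 is flagged: 10.0.0.50 keeps talking to a single file server, and 10.0.0.77 reaches five hosts but spread over twenty minutes.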

Both DoublePulsar and EternalBlue were released by a hacker group called The Shadow Brokers on 14 April 2017. It was thanks to these two pieces of malicious software that Wannacry could enter a network and spread throughout it, harming the whole network and the internet. It was initially regarded as a phishing attack but soon turned out to be ransomware. Three bitcoin accounts were found to have been used to collect the payments, and they had collected a total of 297 payments as of 23 May 2017. These payments amounted to a total of $106,180.44. Bitcoin accounts can be monitored, although their operators can remain unknown.

In a step to correct the errors, Microsoft quickly released new updates for all versions of Windows, including the older Windows XP and 2003 systems, which was quite an unexpected move. Due to these updates, the rate of attack was reduced to some extent. A web security researcher found a “Kill Switch” in the code of the ransomware in the form of a URL, which helped defend computers further. Experts advise against paying the ransom, as there are no reports of anyone getting their data back even after paying.
