WannaCry – Ransomware Attack

Spyware

The WannaCry ransomware attack is the biggest of its kind ever recorded but reinforces the concept of basic security hygiene.  Organizations who applied critical Microsoft Windows patches released in March were protected against this attack.  There are plenty of sites with detailed information about this attack.  Here are the basics.

What is WannaCry?

WannaCry, WannaCrypt or Wcry works like other similar malware with a few intricacies which suggest some sophistication of its designers.  The Wcry outbreak started showing up on May 12, 2017 but it relies on some elements that have been around for some time now.  It scans for new victims over a common network protocol designed to enable access to shared directories, files, printers, and other resources.  It then leverages two exploits that were borrowed from a previous disclosure (the Shadow Brokers exploit leak was in the news where hacking tools allegedly used by the NSA were disclosed).

Once on your PC, the Wcry malware installs a number of different executable files that carry out different functions.  The essential part is to encrypt your data, carried out by a file called tasksche.exe.  The encryption encompasses 160 different file extensions to make sure all your data is hijacked.  Files that have been encrypted will have the extension .wcry or .wncry.

The Message

The malware’s authors have created the ransom image in multiple language formats depending on the geolocation of your IP address.  To make sure the victim sees the ransom note immediately, it places it as the foremost window on the desktop.  This is what it may look like:

Wcry ransom note

 

The Financial Side of Ransomware

This ransomware has mostly hit organizations overseas but is spreading rapidly.  More than 130,000 systems in more than 100 countries have been compromised.  If all 130,000 victims paid the ransom to unlock each device, the total ransom would amount to over $39 million.  Keep in mind that the Wcry ransom demands start at $300 but they increase to $400 after two hours, then $500, and finally $600.

A Global Problem

Ransomware is not new.  The threat traces back to 1989 when it first emerged on floppy disks sent to unsuspecting computer owners.  It certainly has gained disproportionate momentum since 2014, along with the risk of cryptocurrencies (Bitcoin) used across the globe, which enable the criminals to anonymously demand payment from anyone.  This threat is going to get worse throughout 2017.

Make sure all computers you use are kept up to date with the latest patches to help protect against these types of attacks.  Additionally, other malware comes via e-mail attachments and bad links.  Never open an unknown attachment or click on a strange link in an e-mail.   Last, make sure you back up your data.  Paying the bad guys keeps them coming back by funding future attacks.  Having good backups allows you to recover your data without being part of the financing stream for cybercriminal activity.