WannaCry, the massive global ransomware cyberattack, slowed down over Monday, but its impact is still being felt in parts of the world. WannaCry ransomware has affected computer networks in over 150 countries including Britain, Spain, Japan, Indonesia and Taiwan, to name a few. Even India has been hit by this malware, which has quickly spread over the world.
So what is the latest in the WannaCry ransomware saga? We break it down for you.
WannaCry global impact continues
Security researcher Marcus Hutchins, who was known only as MalwareTech, did find a kill switch for the attack and managed to stop its further spread, but there are reports of infected computers in other countries.
In India, over 120 computers in the Gujarat government’s GSWAN (Gujarat State Wide Area Network) were infected by the ransomware. Computers in Kerala and Andhra Pradesh were also infected.
According to the latest AP report, this ransomware has infected computers in 10 schools, the national power company, a hospital and one private business in Taiwan. The report is based on Taiwan’s Central News Agency. WannaCry also infected computers at a business in Taiwan, which apparently paid $1,000 in bitcoin to unlock files held hostage by the program. The news agency did not reveal the name of the business.
In France, auto manufacturer Renault was not able to reopen its plant in Douai as experts were still trying to deal with the cyberattack. While the US government says its agencies have not been hit by the attack, companies like FedEx and other businesses were impacted by this global cyberattack.
The biggest impact of the WannaCry cyberattack was felt by Britain’s National Health Service (NHS), with doctors and hospitals being locked out of their computers, which held crucial patient data. In Japan, over 2000 computers were affected and companies like Nissan Motor and Hitachi were also impacted by the ransomware attack.
Who is behind the attack?
Experts and security agencies around the world are still trying to figure out who is responsible for the cyberattack. Early reports are looking at a link with North Korea, but this is all tentative and it is too early to confirm anything.
Links are also being made between the WannaCry code and the one used by Lazarus Group. The latter is a hacker collective believed to have been responsible for the 2014 Sony hacking. According to security firm Kaspersky’s Global Research & Analysis Team, the WannaCry cryptor sample from February 2017 looks like a very early variant a Lazarus APT group sample from February 2015.
However, the firm also says the code could have been copied, and more “research is required into older versions of Wannacry,” in order to solve this attack. Other security firms like Symantec are also talking about the link between Lazarus and WannaCry.
Originally, Google’s Neel Mehta had tweeted to indicate there is shared code between known Lazarus tools and the WannaCry ransomware. According to Symantec, this code is in the form of SSL (Secure Sockets Layer), and this specific implementation uses a “sequence of 75 ciphers which to date have only been seen across Lazarus tools,” notes a blogpost by the company.
So what happens next? How does one protect their computer?
More ransomware attacks are going to take place in future, and one of the best ways of protecting oneself against this is to ensure the latest software is in place. Now the ransomware is mostly impacting Microsoft’s Windows OS as the hackers are exploiting a vulnerability called EternalBlue in the operating system.
Microsoft had released a security update, MS17-010, on March 14, which patched this, but those on lower versions of Windows, especially Windows XP and Windows Vista, are at a higher risk. Windows 10 users who have not updated to the patch are also vulnerable.
Microsoft has already rolled out a security patch for Windows XP and Vista users, and even if you are not impacted, it is best to update.
How can one avoid being attacked by the ransomware? What happens if it gets installed on a PC?
This particular ransomware locks people out of their computers, denying them access to their files and other crucial data. It sets a timer within which the victim has to pay a ransom of $300 in bitcoin. If you miss the deadline, then the ransom doubles. However, most security firms are advising users against paying this kind of ransom.
According to Kaspersky, WannaCry, which is also called WCrypt, resembles a variation of the infamous CryptXXX Trojan. The only way to avoid this right now is to keep all software updated, and do a scan with whatever security software you have on your PC. Also, don’t click on unknown links in emails, and don’t open emails from strangers or from odd-looking email addresses.
If the malware does infect your PC, then currently there is no solution for decryption of the files. You can try using some decryption methods, but currently experts have no solution for this.
Why is WannaCry so dangerous? And what next?
What makes WannaCry so dangerous is that it can infect an entire local area network (LAN) and encrypt all computers, even if it impacts just one PC. It has impacted 200,000 computers, which is what makes it such a serious problem.
The other issue: While the kill switch was discovered, experts worry if this was intentional. There are worries that the next cyberattack might be much worse without a possible kill switch.