You may have heard that a globe-spanning ransomware attack, a program known as WannaCry, has been targeting the Microsoft Windows operating system. On Friday, 12 May 2017, a large cyber-attack was launched using it, infecting more than 200,000 computers in 150 countries and demanding ransom payments in the cryptocurrency Bitcoin, with ransom notes in 28 languages. But it could have been a lot worse, and we have cybersecurity researchers to thank for making sure it wasn't.
Thousands of computers in China and Japan hit by WannaCry virus.
Putin says Russia had 'nothing to do' with global ransomware outbreak.
Microsoft attacks US government over developing 'EternalBlue' exploit that led to hack.
New strains of virus reported but having little effect.
Jeremy Hunt says there has been no second wave of attacks.
Like previous ransomware, the attack was initially reported to spread by phishing emails, but it also uses the EternalBlue exploit and the DoublePulsar backdoor, both developed by the U.S. National Security Agency, to spread through any network that has not installed recent security updates, directly infecting exposed systems over the SMBv1 file-sharing protocol without any action by the user. Microsoft had issued a "critical" patch on 14 March 2017 that removed the underlying vulnerability on supported systems, but many organizations had not yet applied it.
Security experts have disputed claims that the virus was spread through suspicious emails, saying that computers were vulnerable to the bug regardless of how vigilant users were. Experts said that unless IT departments patched their systems and backed up their files, they could be hit by the attacks.
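To make the exposure described above concrete, here is an added example (my own code, not anything from the original article, from Microsoft or from the malware): a small Python probe that sends a single SMBv1 NEGOTIATE to TCP/445 and reports whether the host still speaks SMBv1, the protocol EternalBlue targets. It assumes only the Python standard library and a host you are authorised to scan. A positive result means exposure to this class of attack, not a confirmed MS17-010 vulnerability; confirming that needs the additional named-pipe check that dedicated scanners perform.

```python
"""SMBv1 exposure probe (added example, not from the original article).

Offers only the "NT LM 0.12" dialect. A host that answers with an SMBv1
negotiate response has SMBv1 enabled and reachable; that is an exposure
check, not a confirmed MS17-010 vulnerability check.
"""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_HEADER_LEN = 32


def build_negotiate_request(dialects=(b"NT LM 0.12",)):
    """Build a NetBIOS-framed SMBv1 NEGOTIATE request offering `dialects`."""
    header = (
        SMB1_MAGIC
        + bytes([SMB_COM_NEGOTIATE])
        + struct.pack("<I", 0)                  # Status
        + bytes([0x18])                         # Flags: canonical paths, case-insensitive
        + struct.pack("<H", 0xC801)             # Flags2: UNICODE | NT_STATUS | EXTENDED_SECURITY | LONG_NAMES
        + struct.pack("<H", 0)                  # PIDHigh
        + bytes(8)                              # SecurityFeatures
        + struct.pack("<H", 0)                  # Reserved
        + struct.pack("<HHHH", 0, 0xFEFF, 0, 1) # TID, PIDLow, UID, MID
    )
    assert len(header) == SMB1_HEADER_LEN
    dialect_blob = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    # WordCount = 0, ByteCount, then the dialect strings
    body = bytes([0]) + struct.pack("<H", len(dialect_blob)) + dialect_blob
    smb = header + body
    # 4-byte NetBIOS session message header: type 0x00 + 3-byte big-endian length
    return bytes([0]) + len(smb).to_bytes(3, "big") + smb


def classify_negotiate_response(data):
    """Classify the raw reply to build_negotiate_request().

    "smb1-accepted"  server chose one of our SMBv1 dialects (SMBv1 is enabled)
    "smb1-rejected"  valid SMBv1 reply but DialectIndex 0xFFFF (no common dialect)
    "smb2"           server answered with an SMB2 header (SMBv1 not negotiated)
    "invalid"        anything else: empty, truncated, non-SMB, or error status
    """
    if len(data) < 4:
        return "invalid"
    smb = data[4:]  # strip the NetBIOS session header
    if smb[:4] == SMB2_MAGIC:
        return "smb2"
    if (len(smb) < SMB1_HEADER_LEN + 3 or smb[:4] != SMB1_MAGIC
            or smb[4] != SMB_COM_NEGOTIATE):
        return "invalid"
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[SMB1_HEADER_LEN]
    if status != 0 or word_count == 0:
        return "invalid"
    dialect_index = struct.unpack_from("<H", smb, SMB1_HEADER_LEN + 1)[0]
    return "smb1-rejected" if dialect_index == 0xFFFF else "smb1-accepted"


def probe_smb1(host, port=445, timeout=3.0):
    """Connect, send the negotiate, classify the reply.

    Returns "unreachable" when the port is closed, filtered, or the peer
    resets the connection; a server with SMBv1 removed that simply closes
    the socket yields an empty reply and therefore "invalid".
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate_request())
            reply = s.recv(4096)
    except OSError:
        return "unreachable"
    return classify_negotiate_response(reply)


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(f"{target}\t{probe_smb1(target)}")
```

Run it as `python probe.py 10.0.0.5 10.0.0.6` against hosts you own; anything reporting `smb1-accepted` is a host on which the March patch and, better, disabling SMBv1 outright should be verified first.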
As reported in a fascinating blog post, the researcher known as MalwareTech had found an unregistered domain name hard-coded in WannaCry's code. Suspecting that the address had something to do with how the malware communicated, a common feature in botnets and other types of malware, MalwareTech registered the domain and watched as traffic from thousands of infected computers came flooding in, nearly overloading the server hosting the domain. Usually this kind of "sinkhole" move is an effort to disrupt a botnet, for example by preventing it from issuing commands to infected systems. In WannaCry's case it did more than that: the code checks whether the domain can be reached before it runs and stops if the request succeeds, so registering the domain acted as a kill switch that prevented newly infected machines from encrypting files or spreading further.
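The two halves of that mechanism, as an added example that is not code from the original post, from MalwareTech or from the malware: a model of the kill-switch decision with the network fetch injectable so both outcomes can be exercised offline, and the triage a sinkhole operator does on the web-server log once infected hosts start beaconing in. The URL constant is a placeholder (the sample's real domain is deliberately not reproduced), the log lines are constructed using RFC 5737 documentation addresses, and the combined log format is an assumption about the sinkhole's web server.

```python
"""Kill switch and sinkhole (added example, not from the original article)."""
import re
import urllib.request
from collections import Counter

# Placeholder; the real hard-coded beacon domain is not reproduced here.
KILL_SWITCH_URL = "http://example.invalid/"


def kill_switch_trips(url=KILL_SWITCH_URL, fetch=None, timeout=5.0):
    """Model of the malware's check: True if an HTTP GET to `url` succeeds
    (the malware exits), False on any failure (the payload runs).

    Failure mode worth noting: every error, including a DNS failure for an
    unregistered name, is treated as "unreachable", so the payload runs.
    """
    if fetch is None:
        def fetch(u):
            # Direct GET, no proxy handling, mirroring the sample's behaviour.
            with urllib.request.urlopen(u, timeout=timeout) as resp:
                resp.read(64)
    try:
        fetch(url)
        return True
    except Exception:
        return False


def _no_such_domain(url):
    # Stand-in for the resolver error seen while the domain was unregistered.
    raise OSError("getaddrinfo failed: name does not resolve")


def _sinkhole_answers(url):
    return None  # any successful HTTP reply makes urlopen return normally


def demo_kill_switch():
    """Both outcomes: before and after the domain was registered."""
    return {
        "unregistered": kill_switch_trips(fetch=_no_such_domain),  # False: payload runs
        "registered": kill_switch_trips(fetch=_sinkhole_answers),  # True: malware exits
    }


# Apache/nginx "combined" access-log format (assumed for the sinkhole host).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def summarize_sinkhole_log(lines):
    """Count distinct beaconing sources, total hits and hits per minute
    (the burst is what nearly overloaded the server); unparsable lines are
    counted rather than silently dropped."""
    sources = set()
    per_minute = Counter()
    hits = unparsed = 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            unparsed += 1
            continue
        hits += 1
        sources.add(m.group("src"))
        per_minute[m.group("ts")[:17]] += 1  # "12/May/2017:15:08"
    return {
        "distinct_sources": len(sources),
        "total_hits": hits,
        "per_minute": dict(per_minute),
        "unparsed": unparsed,
    }


# Constructed sample lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2017:15:08:04 +0000] "GET / HTTP/1.1" 200 2 "-" "-"',
    '198.51.100.23 - - [12/May/2017:15:08:04 +0000] "GET / HTTP/1.1" 200 2 "-" "-"',
    '203.0.113.7 - - [12/May/2017:15:08:31 +0000] "GET / HTTP/1.1" 200 2 "-" "-"',
    '192.0.2.99 - - [12/May/2017:15:09:02 +0000] "GET / HTTP/1.1" 200 2 "-" "-"',
    "not a log line",
]

if __name__ == "__main__":
    print(demo_kill_switch())
    print(summarize_sinkhole_log(SAMPLE_LOG))
```

The practical consequence of the fail-open check is that the kill switch only helps hosts that can actually reach the registered domain: the real sample made a direct connection that ignored proxy settings, so on proxy-only networks the request failed and the payload ran anyway, and blocking the domain at the perimeter would have had the same effect. The right move for defenders was to let that one lookup succeed while patching.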
The leaked exploit was then used by the still-anonymous cyber criminals to infect PCs with Friday's ransomware.
"The governments of the world should treat this attack as a wake-up call," Microsoft president Brad Smith said in a statement. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."
Microsoft released an emergency patch over the weekend for the vulnerability exploited by EternalBlue, extending the fix to versions of Windows that are no longer supported, including Windows XP and Windows Server 2003.
