WannaCry Ransomware Spreads Across the Globe
On Friday, May 12, 2017, the world was alarmed to discover that cybercrime had achieved a new record. In a widespread ransomware attack that hit organizations in more than 100 countries within the span of 48 hours, the operators of malware known as WannaCry/WanaCrypt0r 2.0 are believed to have caused the biggest attack of its kind ever recorded.
Perhaps more than anything else, this ransomware onslaught is a resounding reminder of the importance of security basics, especially when it comes to Microsoft product patching. Those who applied the critical Microsoft Windows patches released in March were protected against this attack. Another basic protection is the possession of current, offline backups of data. For ransomware attacks like this one, having a viable backup enables a successful incident response, leaving attackers high and dry and unable to collect money for their evil doings.
What Is WannaCry?
WannaCry, WanaCrypt or Wcry for short, is ransomware that works like other malware of its type, with a few intricacies that highlight the sophistication of its operators.
First, the malware uses exploits that were supposedly leaked by a group that calls itself Shadow Brokers. Leaked exploits are very often picked up by malicious actors for their own nefarious purposes, which is what happened in this case.
Second, the malware uses strong, asymmetric encryption, employing the RSA 2048-bit cipher to encrypt files. This method is considerably slower than symmetric encryption, but it is very strong and virtually impossible to break, which is why recovery depends on backups rather than on decrypting the files.
Third, the malware’s architecture is modular, a feature known from legitimate software but also from complex malware projects such as banking Trojans. Most ransomware is not modular but rather simplistic, carrying out its tasks in a single monolithic piece. This suggests that the authors behind Wcry are more likely a group of people than a single developer, and possibly even one of the organized cybercrime gangs that distribute malware such as Dridex and Locky.
Bottom line, we are not dealing with amateurs. This widespread attack is of high severity, and although the vulnerability should have been patched a while back, many organizations have been hit and the count keeps rising.
Read technical details and the rest of this post here.