WannaCry ransomware attack?

The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. The attack began on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide.

Shortly after the attack began, a web security researcher who blogs as “MalwareTech” discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection, effectively halting the initial outbreak on Monday, 15 May 2017, but new versions have since been detected that lack the kill switch. Researchers have also found ways to recover data from infected machines under some circumstances.

WannaCry propagates using EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had discovered the vulnerability in the past, but used it to create an exploit for its own offensive work, rather than report it to Microsoft. It was only when the existence of this vulnerability was revealed by The Shadow Brokers that Microsoft became aware of the issue, and issued a “critical” security patch on 14 March 2017 to remove the underlying vulnerability on supported versions of Windows, though many organizations had not yet applied it. Those still running older, unsupported versions of Microsoft Windows, such as Windows XP and Windows Server 2003, were initially at particular risk, but Microsoft released an emergency security patch for these platforms as well.

Almost all victims of the cyberattack were running Windows 7, prompting a security researcher to argue that its effects on Windows XP users were “insignificant” in comparison. Within four days of the initial outbreak, security experts were saying that most organizations had applied updates, and that new infections had slowed to a trickle.
