Professional Premium and Free Blogger Templates 2020
Free download some awesome
SEO Friendly, Responsvie and Fast Loading free blogger templates. Get the best blogger themes in

WannaCry Ransomware: Story Of One Of The Worst Cyber ​​Attacks

Posting Komentar
WannaCry Ransomware
Photo credit: Wikipedia

The WannaCry ransomware attack that occurred in 2017 was one of the fastest-spreading cyber attacks. The attacks ultimately cost billions of dollars and the effects are still being felt today.

This attack occurs due to the use of an outdated computer system. At that time, people lack the awareness to always update the software they use, making it vulnerable to cyber attacks.

The WannaCry ransomware attack is a warning for companies to always update the operating system (OS) and the software they use. In general, developers will always improve the security system on the devices they develop so that users can avoid various cyber attacks.

What is WannaCry Ransomware?

WannaCry is a crypto worm ransomware that attacks computers running the Microsoft Windows operating system by encrypting data and requesting a ransom payment in the form of Bitcoin cryptocurrency. WannaCry is also known as WannaCrypt, WCry, Wana Decrypt0r 2.0, WanaCrypt0r 2.0, and Wanna Decryptor.

This ransomware exploits a vulnerability that existed in old Windows. Even though Microsoft has patched the vulnerability quickly, the majority of companies remain infected because they did not update the systems they use. In other words, many companies are still using older versions of Windows.

Once the WannaCry ransomware infects your device, it will start infecting your computer and encrypt all data. After that, the program will display a screen asking the victim to pay a certain amount of money to regain access. Typically, the asking price will get higher over time until the files are destroyed.

How Does WannaCry Ransomware Spread?

Since it first appeared on 12 May 2017, the WannaCry ransomware has infected hundreds of thousands of computers worldwide, including devices belonging to government agencies and hospitals.

WannaCry spreads using a Windows vulnerability known as MS17-010, which hackers can take advantage of the EternalBlue exploit. The vulnerability was discovered by the United States National Security Agency (NSA) but did not immediately report it to Microsoft, but used it to create exploits for its own offensive work. 

WannaCry targets networks using SMBv1, a file sharing protocol that allows PCs to communicate with printers or other devices connected to the same network. The WannaCry ransomware behaves like a worm so it can spread over the network.

Once installed on one machine, WannaCry will scan the network for other devices that are more vulnerable to infection. WannaCry enters the system via the EternalBlue exploit using a backdoor tool called DoublePulsar to install and run itself. Therefore, WannaCry can spread quickly without the need for human interaction and without the need for files or host programs.

WannaCry Attack in May 2017

The WannaCry ransomware attack began on May 12, 2017, which is the first to occur in Asia. Quickly, this attack infects as many as 10,000 people every hour and is finally stopped after 4 days.

This attack then caused various chaos. Many businesses have lost data and hospitals have reported many cancellations of surgery because patient files were lost. While not 100% sure, the cybersecurity community attributed the attack to North Korea.

Although WannaCry does not appear to be targeting anyone specifically, it is spreading rapidly to 150 countries. Most of the attacks occurred in Russia, China, Ukraine, Taiwan, India and Brazil.

The victim will be asked to pay a ransom of $300 in Bitcoin within 3 days or $600 in a week. If the victim does not pay the ransom, the victim will be informed that their file will be permanently deleted.

Cybersecurity researcher Marcus Hutchins found that once WannaCry lands on a system, WannaCry will try to reach a specific URL. If no URL is found, the ransomware will infect the system and encrypt the files. Hutchins can register a domain name to create a DNS sinkhole that acts as a kill switch on and off of WannaCry. 

How to Avoid Ransomware Attacks

Even though the WannaCry ransomware doesn't do much damage anymore, there are still many other ransomware that threaten your business. If you want to protect your business from cyber attacks, then there are a few tips you can do like:
  1. Always update the software and OS you are using. As explained above, WannaCry attacks companies that are still running old or outdated versions of software. Outdated software still has unpatched or unfixed vulnerabilities, making it especially vulnerable to attack. Therefore, always update the software you are using.
  2. Don't open suspicious email links (phishing emails). Ransomware can also be spread via phishing emails. Always avoid suspicious email links. 
  3. Download software, applications, or media files from official or trusted websites. 
  4. Using anti virus or anti malware.
  5. Routinely perform penetration testing (pentest). Currently, there are many penetration testing services that will help find vulnerabilities in the system you are using or developing. By regularly performing pentest, you can find out weaknesses in your system so that patching can be done immediately.
  6. Perform regular data backups.

Related Posts

Posting Komentar