WannaCry and Ransomware

August 16, 2017

On the 12th of May 2017, a worldwide cyber attack struck everywhere from Britain’s National Health Service to FedEx. The attack, dubbed “WannaCry”, was a ransomware strike that used a back door in Windows to gain access to the targeted computers. The attack was so widespread and so immediate that many companies simply ordered their employees to shut down their computers until the issue was resolved. WannaCry utilized an exploit called EternalBlue, designed originally by the NSA to collect information, to sneak into a back door in Windows operating systems. The spread of this ransomware was stopped short when a URL was discovered within the software that acted as a “kill switch”, stopping WannaCry from functioning before it did its dirty work. Since the attack, Microsoft has released emergency patches for both current and unsupported Windows operating systems like Windows XP and Vista to seal the hole, rendering WannaCry and EternalBlue largely useless.

While this particular threat has been neutralized, it is important to know how ransomware works and how to recognize it. Ransomware is a type of malware that enters your computer through various means and, once inside, encrypts any files it can get its hands on, thereby preventing you from using those files. To decrypt a file encrypted this way, you would need the encryption key, which the owners of the ransomware will offer to give you in exchange for money. It is important to note here that roughly 90% of the time, even if you give the attackers the money they ask for, they will not give you the encryption key you need.

Protecting yourself from ransomware is usually fairly easy, and is very similar to the methods you should already use to maintain your security. The first and most successful method to protect yourself from ransomware is simply to back up your important files. If you have up-to-date backups, then at worst a ransomware attack will have taken the files you made in the last day or so, effectively neutering the threat. The second way to avoid ransomware is to keep your operating system as up-to-date as possible. Microsoft released their security patch before the WannaCry attack got particularly bad, but many people did not update immediately and left themselves vulnerable to the spreading malware. Third, maintain normal security procedures like firewalls and email screening. WannaCry is special because its creators found a special secret back door into Windows. Most ransomware is not this lucky, and will try to attack you via the usual routes like phishing and disguised emails.

For those interested in more specific details regarding how WannaCry works and how it was stopped, here are two useful links for more detailed information.

Wikipedia: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

A short video describing the inner workings of the attack: https://www.youtube.com/watch?v=etPizFNPupk