On Friday, some hospitals in the United Kingdom were struck with a peculiar attack: computers taken over, data inside encrypted and held ransom, all for the measly payment of just $300. The attack spread rapidly, hitting 150 countries and shutting down everything from telecoms in Spain to the Interior Ministry in Russia. And then, through a stroke of luck, the WanaCryptor attack was stalled in its tracks, a killswitch discovered by happenstance just in time for the weekend. What, exactly, are we to make of the largest ransomware attack in history?
It was based on a leaked NSA “cyber-weapon”
The worm, known variously as WannaCry, WanaCryptor, and WannaCrypt, targets computers running Microsoft operating systems. It is built on an exploit named EternalBlue, one of many NSA “cyber-weapons” released by a group known as the Shadow Brokers, who first started leaking NSA tools late last summer.
It spread without exploiting user interactions
Unlike phishing or spearphishing attacks, where a computer is compromised because a user clicks a link in a targeted email, WannaCry works without exploiting any human error.
The killswitch was a simple URL check
Before WannaCry spreads, it checks whether it can connect to a specific domain. If the domain is registered and occupied, the worm is done and proceeds no further. If it fails to connect, then WannaCry spreads as it was designed to do, infecting machines and demanding ransom.
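As an added example (not from the original article), the following Python code triages hosts from outbound connection logs according to the outcome of the check described above. The domain is a placeholder because the article does not name it, and the log format, sample lines and status labels are constructed assumptions.

```python
from collections import defaultdict

# Placeholder: the article does not give the domain; substitute the real indicator.
KILLSWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample lines in an assumed format:
#   <timestamp> <source-ip> <destination-host> <outcome>
# outcome is "connected" or "failed" (no resolution, blocked, timed out).
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 killswitch-placeholder.example failed
2017-05-12T09:14:05Z 10.0.4.22 intranet.example connected
2017-05-12T15:40:11Z 10.0.4.31 killswitch-placeholder.example connected
2017-05-12T15:41:00Z 10.0.4.17 killswitch-placeholder.example failed
malformed line
2017-05-12T16:02:47Z 10.0.4.40 KILLSWITCH-PLACEHOLDER.EXAMPLE. connected
2017-05-12T16:03:10Z 10.0.4.31 killswitch-placeholder.example failed
"""

def parse_line(line):
    """Return (timestamp, source, host, outcome), or None for unusable lines."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("connected", "failed"):
        return None
    ts, src, host, outcome = parts
    # Normalise case and a trailing root dot so variants of the name still match.
    return ts, src, host.rstrip(".").lower(), outcome

def triage(log_text, domain=KILLSWITCH_DOMAIN):
    """Map each host that attempted the check to (status, first_seen).

    Assumption: only the worm contacts this domain from inside the network,
    so every host listed here ran it at least once.
    """
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == domain:
            attempts[rec[1]].append((rec[0], rec[3]))
    result = {}
    for src, events in attempts.items():
        first_seen = min(ts for ts, _ in events)
        # One failed check is enough: on that run the worm went on to spread.
        failed = any(outcome == "failed" for _, outcome in events)
        result[src] = ("isolate" if failed else "investigate", first_seen)
    return result

if __name__ == "__main__":
    for host, (status, seen) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}\t{status}\tfirst seen {seen}")
```

Hosts marked "investigate" reached the domain and, per the behaviour described above, stopped there, but they still executed the worm and need remediation.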
It preyed upon unpatched computers
Microsoft released patches for the vulnerable operating systems that can prevent the present version of WannaCry from infecting patched computers. The first patch that protects against attacks like this was released in March, though not every user automatically downloads and installs all patches or software updates.
Preventing and recovering from this kind of attack is expensive and complicated
WannaCry worked because of a complex mishmash of circumstances. The availability of bitcoin as a way to pay ransoms to anonymous criminals certainly helped, as did the exploit developed by the NSA itself.
Source: Popular Science