The WannaCry attack brought ransomware, and malware in general, to public attention, even among people with no background in computing. Using exploits from the Equation Group hacking group, which were published by the Shadow Brokers group, the attackers succeeded in creating a monster: an encryption ransomware capable of rapidly spreading across the Internet and local networks.

WannaCry began on May 12 and was described as an “unprecedented attack” due to its magnitude: more than 230,000 computers in 150 countries were affected. The most affected countries were Russia; Ukraine; India; Great Britain, where the National Health Service was compromised; Spain, where Telefónica was attacked; and Germany, where the railway company Deutsche Bahn AG was the main target.

The attackers collected more than $140,000 in bitcoin. WannaCry stopped expanding thanks to an accidental hero who found a way to halt it.

That hero is Marcus Hutchins, also known by his alias Malware Tech, who found a “shutdown button” in the malware code. Hutchins was able to prevent the spread of WannaCry by registering a domain name that the worm apparently had to connect to in order to “capture” (encrypt) files on the machines it infected. Hutchins is currently accused of creating the Kronos malware in 2014 and then selling it on the black market.

While this did not help the machines that had already been infected, it did stop the spread of the attack and allowed defensive measures to be taken. One of them was installing the Windows update containing the patch that Microsoft had released in March 2017, two months before the attack, but that many users had not yet installed.

How WannaCry happened


WannaCry spread aggressively using the Windows EternalBlue vulnerability, or MS17-010. “EternalBlue is a critical bug in Microsoft’s Windows code that is at least as old as Windows XP. The vulnerability allows attackers to remotely execute code by creating a request for the Windows File and Printer Sharing service,” explains Ondrej Vlcek, CTO of Avast, a company that provides IT security solutions.

Once the malware gets into a computer, it scans the network and looks for other IP addresses at random. When it finds another vulnerable computer, it enters that machine and continues to spread from there.

Reports indicate that the vulnerability was discovered by the NSA, which gave it the name EternalBlue, kept it a secret, and then created a backdoor tool to exploit it. A group of hackers called Shadow Brokers publicly released the exploit a month before the WannaCry outbreak.
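The random scanning described above leaves a recognizable trace in network flow logs: one internal host contacting many distinct addresses on TCP port 445 (the port used by Windows File and Printer Sharing) in a short time, with most attempts failing. The following detection sketch is an added example, not part of the original article; the log format, thresholds, and addresses are constructed assumptions.

```python
from collections import defaultdict

SMB_PORT = 445          # Windows File and Printer Sharing (SMB over TCP)
WINDOW_SECONDS = 60     # assumed sliding-window length
MIN_DISTINCT_DSTS = 20  # assumed fan-out threshold
MIN_FAILED_RATIO = 0.8  # random scanning mostly hits closed or absent hosts

def parse_flow(line):
    """Parse 'epoch src dst dport state' (constructed format, not a real product's)."""
    ts, src, dst, dport, state = line.split()
    return int(ts), src, dst, int(dport), state

def find_smb_scanners(lines):
    """Return {src: max distinct SMB destinations} for hosts with worm-like fan-out."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport, state = parse_flow(line)
        if dport == SMB_PORT:
            per_src[src].append((ts, dst, state))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start so it spans at most WINDOW_SECONDS
            while events[end][0] - events[start][0] > WINDOW_SECONDS:
                start += 1
            window = events[start:end + 1]
            dsts = {d for _, d, _ in window}
            failed = sum(1 for _, _, s in window if s != "ESTABLISHED")
            if len(dsts) >= MIN_DISTINCT_DSTS and failed / len(window) >= MIN_FAILED_RATIO:
                flagged[src] = max(flagged.get(src, 0), len(dsts))
    return flagged

def sample_flows():
    """Constructed records: one scanner, one normal client, one backup server."""
    flows = []
    for i in range(30):  # scanner: 30 scattered targets in 30 s, nearly all fail
        state = "ESTABLISHED" if i % 10 == 0 else "SYN_TIMEOUT"
        flows.append(f"{1000 + i} 10.0.0.23 203.0.113.{i * 37 % 254 + 1} 445 {state}")
    for i in range(30):  # normal client: the same file server every time
        flows.append(f"{1000 + i} 10.0.0.40 10.0.0.5 445 ESTABLISHED")
    for i in range(25):  # backup server: wide fan-out, but every session succeeds
        flows.append(f"{1000 + i} 10.0.0.50 10.0.1.{i + 1} 445 ESTABLISHED")
    return flows

if __name__ == "__main__":
    print(find_smb_scanners(sample_flows()))
```

Requiring both wide fan-out and a high failure ratio keeps hosts such as backup servers, which legitimately open many successful SMB sessions, out of the results.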

