Bad luck struck on Friday the 12th this May when WannaCry, ransomware that locks up computers and networks and extorts a high price for access, hit victims across the globe en masse. Particularly hard hit by the virus are the National Health Service (NHS), major Spanish phone service-provider Telefónica, and a host of computers across Ukraine, Russia, and the Indian subcontinent.
What is ransomware, and what is WannaCry?
The WannaCry ransomware exploits a vulnerability called EternalBlue, originally found by the United States’ National Security Agency (NSA), and later leaked by the so-called “Shadow Brokers.” Attacking Windows computers, the malware encrypts the user’s data, rendering it inaccessible. To decrypt the data and regain access to their files, a user must often pay hundreds of dollars, with pressure to pay ramped up by timers that threaten the imminent erasure of data.
WannaCry’s spread has been particularly crippling, as it is able to spread via email attachments in seemingly innocuous file formats like Word files and PDFs, or by using a computer’s pre-existing viruses as a backdoor entry point. This rapid spread has resulted in the chaos of the present situation.
What is unique about this attack?
This latest ransomware attack does have some provenance in similar attacks from 2015 and 2016. Code similar to that in WannaCry exists in previous versions of the ransomware, and its creators are believed to be from North Korea, according to investigations by Google security researcher Neel Mehta.
This ransomware attack has proved so damaging due to its rapid transmission and wide spread before the malware’s activation, and its penetration of dated Windows XP networks at the centre of NHS networks. Ultimately, systems must be kept updated to stay safe. Additionally, an effective endpoint management solution can help prevent these breaches.