The malicious software WannaCry, officially WanaCryptor 2.0, is blackmail software that attacked many computers at the weekend and spread like an epidemic; Europol even speaks of a worldwide attack of “unprecedented scale”.
On Friday, the blackmail trojan WanaCryptor started its attack. Within a very short time, 200,000 computer systems were paralysed in more than 150 countries. Read on to find out how the ransomware spread and whether it could have been stopped.
WannaCry slows computers
The WannaCry approach is typical of encryption software: once the system is infected, the trojan encrypts all the data. Users are told to pay a ransom for the decryption; with WanaCryptor 2.0 it is 300 US dollars in the form of Bitcoins (about 232 pounds). What is special about this crypto trojan is that it spreads on its own. The head of Britain’s National Cyber Security Centre echoed the warning, raising concerns that many existing infections may not yet have been detected, and that others could spread within networks. He said the crisis could develop “at a significant scale” in the coming days.
Malicious software WannaCry comes from the NSA
The malicious software WanaCryptor is allegedly based on a security vulnerability that was originally used by the US intelligence agency NSA for its surveillance. Hackers had already made it public a few months ago. For the NSA, this is a nightmare: when its tools reach the public, they become worthless. The underlying security gaps are fixed, and the attacks of the secret service no longer work. In addition, attacks from the past can not only be detected and combated but also attributed to the NSA. It is expected that there will be a diplomatic disagreement between international intelligence agencies in the wake of this.
WannaCry uses a gap in the Windows operating system
The trojan WannaCry exploits a critical vulnerability in Windows operating systems. The affected computers are those that run an operating system older than Windows 10 and are not up to date. A patch for the security gap has existed since March 2017, and users are strongly advised to download the security update. Microsoft itself describes further details about this trojan in the article Customer Guidance for WannaCrypt attacks. This is a particular concern for companies, because a company's IT professionals first check whether new updates run smoothly; only then is the update distributed to all computers.
Ransomware has affected the NHS
It was widely reported over the weekend that the NHS had been affected. Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.
But there are more known victims. In addition to British hospitals, the Russian Ministry of the Interior is also affected, as are the logistics giant FedEx in the USA, the Spanish telephone provider Telefónica and the French car maker Renault. The damage varies according to the affected company. However, the attack means that systems must be shut down in order to stop the spread of the trojan.
WannaCry stopped by chance
The spread of WannaCry was stopped by chance. A 22-year-old British man found a web domain name in the computer code of the malicious software and registered it. And so the further spread of the blackmailer was interrupted. The trick: the ransomware uses a small virus, which is installed on the system and then downloads further malicious software. This download has been disabled. However, the WanaCryptor programmer could reactivate his virus by placing the necessary download on another server.
New variant of WannaCry
There is supposedly already a new variant of the blackmailer WannaCry. The danger is not over; the game between attackers and defenders continues. The demand of the ransomware was already very harsh: if you do not pay the ransom within three days, the attackers double their demand. After seven days without payment, even the offer to restore the files expires.