WannaCry – A Post-mortem

It has now been a month since the start of the WannaCry ransomware attack, which infected more than 230,000 computers worldwide. Those affected included big names such as the National Health Service, Telefónica, FedEx and Deutsche Bahn. In case you do not know, ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. More and more ransomware developers demand payment in bitcoin, because its transactions are irreversible and immune to fraudulent chargebacks.

WannaCry reached global fame not only because of the high-profile targets it hit but also because of the controversy surrounding the attack. The software took advantage of a Windows exploit called EternalBlue, one of the many exploits and vulnerabilities found and hoarded by the U.S. National Security Agency instead of being reported to Microsoft.

This is another example of the worrying trend we have been seeing for the last few years of world governments damaging the tech industry with their uninformed approach. Examples include calls to add backdoors into software, or to weaken SSL and other types of encryption used by popular tools such as WhatsApp or iMessage.

However, the knock-on effect is that this will weaken online banking, shopping and business websites. If you weaken the security of software and encryption to gain access, the same exploits can be used not only by other countries but also by hackers. Soon we will most likely see heavy-handed attempts to introduce laws forcing the tech industry to open up the doors, rather than working with it to try and come up with an adequate solution.

Luckily there are some people in the industry trying to help the masses. Shortly after the attack began, the owner of MalwareTech discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection; however, new versions have been detected which lack this kill switch.

Ways to protect yourself from this kind of ransomware include:

  • If you are still on EOL Windows products such as XP or Vista, upgrade to Windows 10.
  • Ensure Windows patches are installed after every release on Patch Tuesday.
  • Invest in software like Cylance to help prevent zero-day attacks.
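
The first two points can be checked across a whole estate rather than machine by machine. The following is an added example, not part of the original post: it flags hosts that run an end-of-life product or that have not been updated since the most recent Patch Tuesday (the second Tuesday of each month). The inventory format, host names, dates and the 7-day rollout grace period are assumptions made for illustration.

```python
from datetime import date, timedelta

# EOL products named in the list above; extend for your own estate.
EOL_PRODUCTS = ("Windows XP", "Windows Vista")

def patch_tuesday(year, month):
    """Second Tuesday of the month, Microsoft's regular release day."""
    first = date(year, month, 1)
    to_tuesday = (1 - first.weekday()) % 7  # weekday(): Monday=0, Tuesday=1
    return first + timedelta(days=to_tuesday + 7)

def latest_patch_tuesday(today):
    """Most recent Patch Tuesday on or before `today`."""
    release = patch_tuesday(today.year, today.month)
    if release > today:  # this month's release has not happened yet
        prev = today.replace(day=1) - timedelta(days=1)
        release = patch_tuesday(prev.year, prev.month)
    return release

def audit(hosts, today, grace_days=7):
    """Map hostname -> findings for hosts that are EOL or behind on patches."""
    release = latest_patch_tuesday(today)
    if (today - release).days < grace_days:
        # Rollout window still open: measure against the previous release.
        release = latest_patch_tuesday(release - timedelta(days=1))
    findings = {}
    for host in hosts:
        issues = []
        if host["os"].startswith(EOL_PRODUCTS):
            issues.append("end-of-life OS")
        if host["last_patched"] < release:
            issues.append(f"missing updates released {release.isoformat()}")
        if issues:
            findings[host["name"]] = issues
    return findings

# Constructed inventory (hypothetical hosts and dates).
SAMPLE_HOSTS = [
    {"name": "reception-01", "os": "Windows XP Professional", "last_patched": date(2014, 4, 8)},
    {"name": "finance-02", "os": "Windows 7 Professional", "last_patched": date(2017, 2, 14)},
    {"name": "dev-03", "os": "Windows 10 Pro", "last_patched": date(2017, 5, 10)},
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_HOSTS, today=date(2017, 6, 12)).items():
        print(f"{name}: {'; '.join(issues)}")
```

In practice the `last_patched` field would come from whatever your patch management or asset inventory tool exports; the comparison logic stays the same.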