WannaCry ransomware: Everything to know about the global cyberattack

WannaCry, a crypto-ransomware that is also called WannaCrypt, affected at least 45,000 computers in the world

Written by Nandagopal Rajan | Updated: May 16, 2017 10:32 am
A desktop computer affected by Wannacry (Image credit: AP)

The worst ransomware attack the world has ever seen has just been thwarted, or so it might seem, with a $10 web domain. WannaCry drove thousands to tears around the globe, and held out a stark warning about the vulnerabilities of our digital, interconnected existence.

What exactly happened?

WannaCry, a crypto-ransomware that is also called WannaCrypt, affected at least 45,000 computers spread over 74 countries, including India, on Friday. The WanaCrypt0r 2.0 bug encrypts data on a computer within seconds and displays a message asking the user to pay a ransom of $300 in Bitcoins to restore access to the device and the data inside. Alarmingly, the attack also hit the National Health Service of the United Kingdom, stalling surgeries and other critical patient care activity across the British Isles, and making confidential patient information and documents inaccessible.

But what is ransomware? How is it different from other malicious software?

There are many types of malware that affect a computer, ranging from those that steal your information to those that just delete everything on the device. Ransomware, as the name suggests, prevents users from accessing their devices and data until a certain ransom is paid to its creator. Ransomware usually locks computers, encrypts the data on them and prevents software and apps from running.

How was the attack ultimately brought under control? What could potentially have happened otherwise?

The attack was brought under control by an “accidental hero”, a security researcher who wants to be identified only as MalwareTech, who discovered a hard-coded security switch in the form of a link to a nonsensical domain name. He bought the domain name for $10.69, and this triggered thousands of pings from affected devices, thus killing the ransomware and its spread. If this had not been discovered, millions of computers worldwide could theoretically have been locked within a few days, affecting all kinds of services globally. Within hours of this attack, many surgeries were reported to have been put off, x-rays cancelled, and ambulances called back — just in the UK, where at least 40 hospitals under the NHS were affected. It had been long feared that an attack of this nature could bring public utilities or transport systems to a halt, forcing the government to pay a huge ransom to normalise services — for a few hours on Friday, that day appeared to have arrived.
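
For defenders, the hard-coded domain described above doubles as an indicator: any internal machine that looked it up was running the malware. The following is an added example, not code from the article or from the researcher; the domain is a placeholder (the article does not give the real one) and the resolver log format and sample lines are constructed.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log in a hypothetical format: time, client, name, response code.
SAMPLE_LOG = """\
2017-05-12T14:02:11Z client=10.0.4.17 query=killswitch-placeholder.example rcode=NXDOMAIN
2017-05-12T14:02:12Z client=10.0.4.17 query=updates.vendor.example rcode=NOERROR
2017-05-12T18:40:03Z client=10.0.7.52 query=KILLSWITCH-PLACEHOLDER.example. rcode=NOERROR
2017-05-12T18:41:10Z client=10.0.7.52 query=killswitch-placeholder.example rcode=NOERROR
2017-05-13T09:15:44Z client=10.0.9.8 query=notkillswitch-placeholder.example rcode=NOERROR
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) rcode=(\S+)$")

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def hosts_querying_kill_switch(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the domain to count, first/last seen, resolved."""
    target = normalize(domain)
    hits = defaultdict(lambda: {"count": 0, "first_seen": None,
                                "last_seen": None, "resolved": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of failing the scan
        ts, client, qname, rcode = m.groups()
        if normalize(qname) != target:  # exact match, so look-alike names are ignored
            continue
        h = hits[client]
        h["count"] += 1
        h["first_seen"] = h["first_seen"] or ts
        h["last_seen"] = ts
        # An answered lookup means the domain existed, so the switch could fire.
        h["resolved"] = h["resolved"] or rcode == "NOERROR"
    return dict(hits)

def triage_order(hits):
    """Clients whose lookups never resolved come first: the switch did not stop them."""
    return sorted(hits, key=lambda c: (hits[c]["resolved"], hits[c]["first_seen"]))

if __name__ == "__main__":
    found = hosts_querying_kill_switch(SAMPLE_LOG)
    print([(c, found[c]) for c in triage_order(found)])
```

Every client returned needs investigation and cleanup whether or not its lookup resolved; the ordering only decides which machine to isolate first.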

Who was behind the attack and what was their motivation?

It isn’t known yet. However, it is widely accepted that the hackers used the ‘Eternal Blue Hacking Weapon’ created by America’s National Security Agency (NSA) to gain access to Microsoft Windows computers used by terrorist outfits and enemy states. Since over a thousand computers in the Russian Interior Ministry, as well as computers in China, were hit, some of the state or quasi-state actors suspected of carrying out large-scale break-ins of computer systems in the United States are, on this occasion, not immediate suspects. Interestingly, the NSA tool was stolen in April by a group called Shadow Brokers, who seemed unhappy with US President Donald Trump, whom they said they had voted for.

How secure are Indian databases such as banks or UID (Aadhaar)?

The attack was specifically targeted at Microsoft Windows devices. Microsoft claims it “released a security update which addresses the vulnerability that these attacks are exploiting” in March itself, and advised users to update their systems in order to deploy the latest patches. However, in India, where most official computers run Windows, regular updates might not be a habit, and hence the vulnerability could be very high. A lot of personal data online are now connected to the Aadhaar data of over a billion Indians. Pradipto Chakrabarty, Regional Director, CompTIA India, said that the linking of Aadhaar to bank accounts, income-tax and other sensitive information increases the “threat surface”. “Since the user’s bank account is linked with his Aadhaar number, the ransomware can potentially lock down the account and make it unusable unless a ransom is paid,” Chakrabarty said. Amit Nath, Head of Asia Pacific, Corporate Business, at F-Secure Corporation, said the success of the WannaCry ransomware attack could give hostile nation states a reason to create cyber weapons where there’s no hope of ever recovering the data. “That’s the worst case scenario,” Nath said.

Given the manifest vulnerabilities of the digital age, what, if anything, can you do to protect yourself?

A post attributed to Phillip Misner, Principal Security Group Manager, Microsoft Security Response Center, said some of the attacks were using “common phishing tactics” like malicious attachments, and asked users to be cautious while opening attachments. The least you can do is stop clicking links that you don’t trust, and stop downloading software from unknown sources.

F-Secure highlights the need for a four-phase approach to cybersecurity: Predict, Prevent, Detect, and Respond. Predict by performing an exposure analysis; prevent by deploying a defensive solution to reduce the attack surface; respond by determining how a breach happened and what impact it had on systems; and detect by monitoring infrastructure for signs of intrusion or suspicious behaviour.


  1. Akas Roy
    May 17, 2017 at 4:26 pm
    WannaCry Ransomware is a constant threat right now. Over 99 countries are facing this issue badly. Anyways we would like to get rid of this threat and keep our Windows up to date and secure. Wuinstall does anyone have a better idea on it. I just heard about this one. This will help to keep Windows secure and updates s: wuinstall /
    1. kushal kumar
      May 16, 2017 at 4:31 pm
      Several vulnerable countries may have this problem between now and December 2017, more so during August-September. Further, while 19 August to 4 September in present year 2017 looks to be crucial in that regard, 29 August could be one date needing more care and appropriate strategy. This Vedic astrology writer had alerted US also about this scenario in world-affairs likely to show up in that country as well in August-September in particular through article – "Astrological probable alerts for US in year 2017" submitted in September and published in December 2016 issue of wisdom-magazine. This is a new kind of warfare for world, it looks. This is also the period when much talked about WW3 has the potential to become real. So must be ready with appropriate and competent measures to deal with the conditions which have emerged to grow fat. It may be known
        1. WahtsGoingOn
          May 16, 2017 at 2:30 am
          Thank you for sharing. /V74I1cMZTSk
          1. WahtsGoingOn
            May 16, 2017 at 2:27 am
            Nice article. Very informative to understand it. I have also tried to explain it here s: /V74I1cMZTSk
            1. Sutaria Dhvani
              May 16, 2017 at 1:12 am
              This is a big hit as a cyber attack. Make sure to be safe and secure. Tips | To Protect Yourself: www[dot]oyechingum[dot]com/wannacry-ransomware-danger/
                  1. Sudharsan R
                    May 15, 2017 at 10:37 am
                    The Indian government has to ask to upgrade all system OS or it will be a big threat to India Banks etc...
                    1. Piss Upon
                      May 15, 2017 at 3:48 pm
                      Yes. Still govt. offices use Windows XP and many official email ids are in rediffmail or gmail!!!!