  • Jagan Nathan Vaman

Hail WannaCry! - The ransomware that made Cyber Security popular even among School Teachers and Paan

Updated: Apr 15

Hail WannaCry! My paan Waala today asked me how to protect his phone and computer against #Wcry! Continuous WhatsApp updates with solutions, snake oil and alerts started propagating, and even grannies were worried about WannaCry! My simple advice -





I am reminded of Keith Urban's song - (with my changes applied!)

"Alone in this house again tonight

I got the Computer on, the sound turned up and a bottle of wine

There's pictures of you and I on the facebook walls around me

The way that it was and could have been surrounds me

I'll never get over you walkin' away with a message

Oops! You got infected by Wannacry!

I've never been the kind to ever let my feelings show

And I thought that bein' strong meant never losin' your self-control

But I have lost enough to let go of my pain

To hell with my pride, let it fall like rain

From my eyes

Tonight I want to cry!" Wannacry !!


The WCry ransomware spread like wildfire across Europe and Asia starting 13th May, impacting almost 100 countries and disrupting:

  1. Hospitals - NHS in UK, where patients were turned away and critical operations postponed - huge impact on healthcare

  2. In France - Renault shut down its factory for a day - as a precautionary measure

  3. PetroChina was infected and many petrol stations had to operate on cash basis because their computers were infected

  4. Indian banks including a few south Indian Banks, Andhra Police and thousands of small to large enterprises were hit by WCry. India was worst hit - 9.6% of total victims


Thousands of computers in China and Japan hit by WannaCry virus

Putin says Russia had 'nothing to do' with global ransomware outbreak

Microsoft attacks US government over developing 'EternalBlue' exploit that led to hack

New strains of virus reported but having little effect

Jeremy Hunt says there has been no second wave of attacks

The Telegraph reported - Vladimir Putin has blamed the US for the global cyber attack that has crippled computer systems around the world since Friday. 

The cyber attack, which wreaked havoc at dozens of NHS trusts on Friday, has continued to spread, hitting thousands of computers in China and Japan.

Putin said Russia had "nothing to do" with the attack and blamed the US for creating the hacking software that affects Microsoft computers. 


What We Know

■ Cybersecurity experts identified the malicious software as a variant of ransomware known as WannaCry. Workers at hospitals and companies across the globe were confronted with a message on their monitors that read, “Oops, your files have been encrypted!” and demanded $300 in Bitcoin, an anonymous digital currency preferred by criminals, to restore access.

■ Experts said that the attackers may pocket more than $1 billion from individuals worldwide before the deadline ran out to unlock the machines.

■ Among the companies and government agencies affected were FedEx, Britain’s National Health Service and the Russian Interior Ministry.

■ In Asia, there were widespread reports of attacks at universities, with students locked out of their theses and final papers as graduation loomed.

■ Over all, more than 45,000 attacks were recorded in nearly 100 countries. Russia was the worst hit, followed by Ukraine, India and Taiwan, according to Kaspersky Lab, a Russian cybersecurity firm.

■ Microsoft issued a new patch for its Windows software after the attack.

■ At least 45 British hospitals and other medical facilities seemed to be hit hardest by the attacks, which blocked doctors from gaining access to patient files and caused emergency rooms to divert patients. Prime Minister Theresa May said there was no evidence that patient data had been stolen.

■ On Saturday, British authorities said that 48 of Britain’s 248 public health trusts, or about 20 percent, had been assailed in the attack. All but six are back to normal.

■ Companies like Deutsche Bahn, the German transport giant; Telefónica, a Spanish telecommunications firm; and Renault, the French automaker, said that some of their systems had been affected, though no major outages had yet been reported across the region’s transports or telecom networks.

■ The Russian Interior Ministry confirmed in a statement that 1,000 of its computers had also been hit.

■ The Chinese online security company Qihoo 360 issued a warning about the virus, saying that many networks there had been hit and that some computers used to mine Bitcoin in China were among those infected.

■ A FedEx spokesman said of the attack: “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible.”

■ Reports last year found that some state-run hospitals in Britain had spent nothing on cyberdefense and were running outdated software on their systems. -- according to NYT

"The governments of the world should treat this attack as a wake-up call," Microsoft president Brad Smith said in a statement. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."

Microsoft released a patch over the weekend for the Eternal Blue vulnerability that defends against it even on older versions of Windows.

So is this a proof of concept by a foreign government to test a cyber weapon? Stuxnet was a computer worm created (allegedly) by the CIA and Mossad to destroy Iranian nuclear plant centrifuges at Natanz. This attack was the first successful proof of concept of weaponizing a computer worm or a malware designed to kill.

In India Critical Infrastructure has been attacked

Several computers at West Bengal's power distribution company offices were attacked by the ransomware 'WannaCry' that was reported to have affected millions of computers worldwide last Friday.

The utility is now running the risk of witnessing larger numbers of PCs getting affected, as this ransomware can infect other PCs in a network and could reach into servers unless it has patched a vulnerability that this virus uses to hack computers - according to http://economictimes.indiatimes.com/articleshow/58682739.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

Imagine a situation where power grids are attacked, resulting in large-scale blackouts and the chaos that will follow?

Politicians were busy blaming others -

Theresa May says Government warned the NHS about possible attack

Theresa May has denied accusations that the Government failed to alert the NHS about a possible cyber attack despite warnings from security experts.

"Clear warnings were given to hospital trusts," said May, speaking at an event in Oxfordshire. "But this is not something that focused on attacking the NHS here in the UK." 

Vladimir Putin blames US for hack

Vladimir Putin has blamed the US for causing the global cyber attack. He said Russia had "nothing to do" with the cyber attack, adding that the US had indirectly caused it by creating the Microsoft hack in the first place.

"Malware created by intelligence agencies can backfire on its creators," said Putin, speaking to media in Beijing.


He added that the attack didn't cause any significant damage to Russia. Russian security firm Kaspersky said hospitals, police and railroad transport had been affected in the country. Another report suggested Russia was one of the worst hit locations. 


Microsoft attacked the US government on Sunday for building the Eternal Blue tool.

This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.

An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.


Indian CERT issued an advisory - http://www.cyberswachhtakendra.gov.in/alerts/wannacry_ransomware.html

RBI has asked banks to follow the instructions of government organisation CERT-In to prevent the attack by ransomware, 'WannaCry', which has impacted various IT networks in over 150 countries. Indian Computer Emergency Response Team (CERT-In) has come out with a list of dos and don'ts and a webcast on how to protect networks from the global ransomware attack. It has been reported that a new ransomware 'WannaCry' is spreading widely, RBI advisory to the banks said. WannaCry encrypts the files on infected Windows systems and spreads by exploiting vulnerabilities, it said.

So a groundswell of panic spread: snake-oil consultants started dishing out advisories, and IT security companies started huge blog-to-death and webinars-for-victims campaigns.


The technical details are here - Kaspersky update:

How to defend against WannaCry

Unfortunately, there is currently no way to decrypt files that have been encrypted by WannaCry (however, our researchers are on it). For now, prevention is the only hope.


Here are several pieces of advice on how to prevent infection and minimize damage.

  • If you already have a Kaspersky Lab security solution installed on your system, then we recommend doing the following: Manually run a scan for critical areas, and if the solution detects MEM:Trojan.Win64.EquationDrug.gen (that is how our antivirus solutions detect WannaCry), remove it and reboot your system.

  • If you’re a Kaspersky security user, keep System Watcher on. It’s essential to fight any new variants of the malware that might emerge.

  • Install software updates. This case desperately calls for all Windows users to install the MS17-010 system security update. Microsoft even released it for systems that are no longer officially supported, such as Windows XP or Windows 2003. Seriously, install it right now; it’s very important.

  • Create file backups on a regular basis and store the copies on storage devices that are not constantly connected to the computer. If you have a recent backup copy, then an encryptor infection is not a catastrophe; you can spend a few hours reinstalling the operating system and apps, then restore your files and move on. If you’re just too busy to handle a backup, take advantage of the backup feature built into Kaspersky Total Security, which can automate the process.

  • Use a reliable antivirus. Kaspersky Internet Security can detect WannaCry both locally and during attempts to spread it over a network. Moreover, System Watcher, a built-in module, can roll back any unwanted changes, which means that it will prevent file encryption even for those malware versions that are not yet in antivirus databases.


For security experts, here is a technical analysis - https://www.endgame.com/blog/wcrywanacry-ransomware-technical-analysis

You can use any reliable AV tool, and the best way to defend against an attack, for small businesses and global corporations alike, is to keep backups, as the old jungle saying advises!

Credits:

https://www.nytimes.com/2017/05/12/world/europe/international-cyberattack-ransomware.html?_r=0

https://blog.kaspersky.com/wannacry-ransomware/16518/


