How Does the WannaCry Ransomware Impact You?
One of the most serious malware outbreaks ever will have repercussions beyond just those affected. The WannaCry ransomware hit worldwide on May 12, 2017. Europol, the European Union’s law enforcement agency, estimated on Sunday the 14th that the ransomware had impacted over 200,000 people in at least 150 countries, and that number went up on Monday and Tuesday as people returned to work and opened their computers to find they were victims. The ransomware hit everyone from NHS hospitals in the United Kingdom to FedEx, Germany’s railway system, ATMs in China and India, and Russia’s interior ministry. Those are just some of the larger names, along with countless smaller businesses and individuals. This attack will go down as one of the largest ever. So what was it, and how can you protect yourself?
First we have to break down exactly what WannaCry is. WannaCry is ransomware that uses the Windows exploit MS17-010. But what does that mean? Ransomware is a type of malware (usually just called viruses) that encrypts or encodes all of the files on your computer. WannaCry does this by using EternalBlue, a tool originally developed by the NSA to essentially be a malware template. WannaCry uses EternalBlue with an exploit in Windows called MS17-010; think of it as a hole that malware can use to access all of your files. After it has accessed them, it proceeds to encrypt them and leave you a little gift: a ransom note.
The malware authors then demand that you go to a website accessible through the Tor browser and send them about $300 along with your unique key, after which they will decrypt your files. But here is the catch: after paying, you may not get your files decrypted. Your files aren’t automatically decrypted after paying; you have to rely on the malware authors to decrypt them manually, which, it is fair to note, they have little incentive to do once they have your money. You may ask, “But why would the malware authors not decrypt your files after paying?” The reason is that they are a**holes. That is of course ignoring that anyone using malware is an a**hole anyway, but these people are especially large a**holes.
But how did this attack end? Actually by accident. A cybersecurity professional known to the public only by his online pseudonym, MalwareTech, killed WannaCry, or at least the spread of it, without realizing it at first. WannaCry had a flaw: after infection, it checked to see if the domain www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is active. If the website does not exist (good old-fashioned error 404), then the ransomware does its work; but if the website is active, WannaCry exits the system instead of activating. MalwareTech originally bought the domain for statistical reasons and to see if he could possibly reverse-engineer the ransomware later on. Instead, purchasing the domain, which he connected to a sinkhole server (a server that online traffic gets sent to instead of the original destination if it links through a certain domain first), killed the spread of WannaCry. MalwareTech posted his full story, which is a read I highly recommend, although it is a bit technical for most.
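The domain check described above also gives defenders a detection signal: a machine on your network that looks up the kill-switch domain is worth triaging. The following Python is an added example, not part of the original article or MalwareTech's own work; the log layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Kill-switch domain as given in the article (matched with or without "www.").
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Assumed log layout (constructed for this example, not a real product's format):
#   <ISO timestamp> <client IP> <record type> <queried name>
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def is_kill_switch(name):
    """True for the kill-switch domain or any subdomain of it (e.g. www.)."""
    name = normalize(name)
    return name == KILL_SWITCH or name.endswith("." + KILL_SWITCH)

def find_kill_switch_clients(lines):
    """Return {client_ip: [timestamps]} for clients that looked up the domain."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than failing
        timestamp, client, _rtype, qname = m.groups()
        if is_kill_switch(qname):
            hits[client].append(timestamp)
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 192.0.2.10 A www.example.com
2017-05-12T09:14:07Z 192.0.2.23 A www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
2017-05-12T09:15:40Z 192.0.2.23 A WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM.
2017-05-12T09:16:11Z 192.0.2.41 A iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.example.net
2017-05-12T09:17:55Z 198.51.100.7 AAAA iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
garbage line
"""

if __name__ == "__main__":
    found = find_kill_switch_clients(SAMPLE_LOG.splitlines())
    for client, times in sorted(found.items()):
        print(f"{client}: {len(times)} lookup(s), first at {times[0]}")
```

Matching on the whole name or a dot-separated suffix keeps look-alike names that merely contain the string, such as the `.example.net` line in the sample, from being flagged.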
But here is the key: it isn’t hard to protect yourself from many of these attacks! The MS17-010 exploit was actually patched a while ago on Windows 10 by Microsoft! The systems that were infected were those that were not patched or were on versions of Windows no longer supported by Microsoft, like XP and 7. And Microsoft, in the goodness of their hearts, actually released patches for unsupported versions after the WannaCry outbreak. Along with having a decent antivirus installed, update and upgrade your software! Updates fix countless bugs and vulnerabilities; at the very least, turn on critical and security updates if you are using Windows. Although many hate having the updates, they act very much like a vaccine: downloading them sucks a little, but it will save you a lot of pain in the future.
It would be a good idea to keep on top of updates as the excitement over this attack drives software people to patch any vulnerability they can as soon as possible in preparation for the inevitable copycats. This attack, if nothing else, should serve as a reminder that cybersecurity and IT shouldn’t be an afterthought and that the people involved put in a lot of good work; even MalwareTech said he was technically off all of last week. And some good news is that the WannaCry authors ought to be on the run, as they have the United States’ NSA, the United Kingdom’s GCHQ and Russia’s FSB all out for their blood; and with that group after them they probably won’t get far.