Global Ransomware Attack
Unidentified hackers executed a worldwide cyberattack using an N.S.A. tool (called “Eternal Blue”) that was stolen last Friday, and many global organizations appear to have been affected, with malfunctions in hospitals, factories, transportation, and so on.
Quoted from www.nytimes.com: “The attacks appeared to be the largest ransomware assault on record, but the scope of the damage was hard to measure…”
Quoted from www.wsj.com: “Governments and executives scrambled Saturday to recover from a cyberattack that wreaked havoc on computer systems…”
The ransomware is called WannaCry, and is supposedly developed by hackers named the Shadow Brokers. It is initially spread through emails containing seemingly innocuous links or attachments that, when opened, encrypt data on the victim’s computer and demand a “ransom” of 300 dollars (interestingly, in bitcoin) to decrypt the data.
Several reports confirm that the ransomware was initially developed by the N.S.A., which already knew of the vulnerability in the Windows operating system but did not act to protect users from potential cyberattacks. After the hacking tool, called “Eternal Blue,” was stolen by the Shadow Brokers, the N.S.A. did inform Microsoft, which soon released patches to shield the system, but many users, especially corporate users, neglected to install the updates that would have prevented the attack.
Quoted from www.nytimes.com: “Experts said that the attackers may pocket more than $1 billion from individuals worldwide before the deadline ran…”
Interestingly enough, according to the continuously updated report from the New York Times, the attack has been fairly well contained in the United States because a British researcher “accidentally” found a “kill switch” to the cyberattack: a random domain designated by the hackers. Registering the domain and activating the site associated with it stopped the spread in the U.S. The researcher and other experts warn, however, that it is very easy for the attackers to circumvent this temporary prevention and resume the attack.
It seems the attacks have yet to cause fatal damage or (presumably) steal important information, but this kind of attack alerts companies and users to the vulnerability of the current security systems. A whole-scale revision of those systems may be needed, as these attacks have shown how brittle they are.
Quoted from www.malwaretech.com: “So finally I've found enough time between emails and Skype calls to write up on the crazy events which occurred over…”
This is a memo from the researcher who first identified the unregistered domain that stopped the spread of the ransomware. According to his analysis, it is incorrect to call the domain a “kill switch”: the hackers chose it as a way to avoid analysis by researchers like himself in a sandbox environment (where any domain appears to resolve), but for some reason they relied on this single domain as the work-around, so registering it caused every copy of the ransomware to conclude that it was running in a sandbox and exit.
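Because the sandbox check makes every infected machine look up the registered domain before deciding whether to run, a defender can turn that behaviour around and scan their own DNS query logs for hosts that performed the lookup, since the lookup alone shows the worm code executed there. The following is an added example, not code from the post or from the researcher; the domain name is a labelled placeholder (the page does not give it), the log lines are constructed, and the BIND-style query-log format is an assumption.

```python
import re
from collections import Counter
from typing import Dict, Iterable

# Placeholder: the page does not name the registered domain, so a clearly
# labelled stand-in is used. Substitute the real sinkholed domain here.
KILL_SWITCH_DOMAIN = "killswitch-domain.example"

# Constructed sample lines in a BIND-style query-log format (not real data).
SAMPLE_DNS_LOG = """\
15-May-2017 09:12:01.123 client 10.0.5.23#51234: query: killswitch-domain.example IN A + (10.0.0.1)
15-May-2017 09:12:01.456 client 10.0.5.23#51235: query: www.example.org IN A + (10.0.0.1)
15-May-2017 09:12:03.789 client 10.0.7.40#49152: query: KILLSWITCH-DOMAIN.EXAMPLE. IN A + (10.0.0.1)
15-May-2017 09:12:05.001 client 10.0.5.23#51240: query: killswitch-domain.example IN A + (10.0.0.1)
15-May-2017 09:12:06.002 client 10.0.9.9#40000: query: updates.example.com IN A + (10.0.0.1)
"""

# Extract the client IP, the queried name and the record type from one line.
QUERY_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)"
)


def flag_kill_switch_lookups(
    log_lines: Iterable[str], domain: str = KILL_SWITCH_DOMAIN
) -> Dict[str, int]:
    """Return {client_ip: lookup_count} for hosts that queried the kill-switch
    domain. Matching is case-insensitive and ignores a trailing dot, because
    DNS names are case-insensitive and loggers differ on the root label.
    A host listed here should be treated as having run the worm, even though
    a successful resolution means it did not go on to encrypt."""
    wanted = domain.lower().rstrip(".")
    hits: Counter = Counter()
    for line in log_lines:
        match = QUERY_RE.search(line)
        if not match:
            continue  # not a query line; skip noise such as startup messages
        if match.group("name").lower().rstrip(".") == wanted:
            hits[match.group("ip")] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in flag_kill_switch_lookups(SAMPLE_DNS_LOG.splitlines()).items():
        print(f"{ip}: {count} kill-switch lookup(s), investigate this host")
```

The same scan works on any resolver log once the regex is adapted to its line format; the key is that the lookup, not the resolution result, is the indicator.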