Checksite AI Blog

WannaCry is the name of the ransomware that in May 2017 compromised numerous Windows machines and brought the National Health System (NHS) of the UK to a halt for days (Wikipedia, 2022). Because of this piece of software, ambulances were rerouted and surgeries were cancelled because data was not accessible (BBC, 2017). But what is WannaCry, who made it, and most importantly, what does it do?

According to the United States, North Korea created this ransomware for financial gain. The United States also later indicted 3 North Koreans for the damage WannaCry caused and for the Sony Pictures attack of 2014 (Malwarebytes).

How does it work?

WannaCry takes advantage of the NSA-discovered vulnerability called EternalBlue and the backdoor DoublePulsar. Interestingly, Microsoft released patches for this vulnerability 2 months prior to the attack. Unfortunately, not everybody had applied the security patches, and those who had not were exposed to the ransomware. This complex piece of software included a worm component that allowed the ransomware to automatically scan the network for random IP addresses and infect them as well. In other words, every machine connected to the same network could also be infected (Malwarebytes). Once activated, the ransomware would encrypt every file found on the computer and display a window asking for $300 in bitcoin to be paid. After 3 days, the ransom would increase to $600. The ransomware also threatened to delete all files if the ransom was not paid after 7 days (Malwarebytes).

Interestingly, even after the ransom was paid, some of the infected machines would not have their files decrypted. This is due to a flaw in the code: the hackers had no way of tracing who had made a payment and therefore did not know which machines should have their files decrypted (Malwarebytes).

How to protect yourselves from WannaCry

How can we protect ourselves from this malware? Firstly, it is important to keep your computer up to date with security patches and updates. Secondly, it is important not to open unknown links or unknown files. These two basic steps can put us way ahead in our journey towards information security.
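The worm component described above spreads by probing many addresses, which leaves a recognizable pattern in network flow logs. The following Python code is an added example, not part of the original post: it flags hosts that contact an unusually large number of distinct addresses on the SMB port within a short window. TCP 445 (the SMB service EternalBlue targets), the log format, the sample records and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                    # assumption: SMB over TCP, not stated on the page
WINDOW = timedelta(seconds=60)    # hypothetical tuning value
MAX_DISTINCT_TARGETS = 20         # hypothetical tuning value

def parse_flow(line):
    """Parse a constructed flow record: 'timestamp src_ip dst_ip dst_port'."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_smb_scanners(lines, window=WINDOW, limit=MAX_DISTINCT_TARGETS):
    """Return {src_ip: peak distinct SMB targets in any window} for sources above limit."""
    by_src = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, src, dst, port = parse_flow(line)
            if port == SMB_PORT:
                by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start, peak, in_window = 0, 0, defaultdict(int)
        for ts, dst in events:
            in_window[dst] += 1
            # Evict connections that fell out of the sliding window.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > limit:
            flagged[src] = peak
    return flagged

def sample_flows():
    """Constructed sample data: a file-server client, a worm-like host, a web client."""
    base, lines = datetime(2024, 1, 1, 9, 0, 0), []
    for i in range(30):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.5 10.0.0.2 445")             # same server each time
        lines.append(f"{ts} 10.0.0.9 198.51.100.{i + 1} 445")   # new target every second
        lines.append(f"{ts} 10.0.0.7 203.0.113.{i + 1} 443")    # many targets, not SMB
    return lines

if __name__ == "__main__":
    print(find_smb_scanners(sample_flows()))
```

A workstation that repeatedly uses one file server is not flagged; only the host that fans out to many different addresses is.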

References

NHS cyber-attack: GPs and hospitals hit by ransomware (2017). BBC News. https://www.bbc.com/news/health-39899646

WannaCry. Malwarebytes. https://www.malwarebytes.com/wannacry

WannaCry Ransomware Attack (2022). Wikipedia. https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
