What You Need to Know About Wanna Cry

Everything You Need To Know About Wanna Cry, and How You Can Protect Yourself.

25 May 2017, Posted by Sam Kurtzer in NEWS Posts
shutterstock_131210171 small crop

What is WannaCry/ WannaCrypt?

It’s the name for a high-profile hacking attack more commonly known as ransomware. Ransomware is a category of malware that holds your computer and the files on it hostage until you pay the hijacker’s ransom.

 

Where Did it Come From?

Code-named “Eternal Blue”, Wannacry emerged as a vulnerability discovered by the National Security Agency (NSA). The information was leaked to the world by a hacking group known as the Shadow Brokers. The sneaky malware has been able to spread quickly through utilizing an infected computer’s network.

Specifically, targets have been computers using outdated versions of Microsoft Windows. The malware exploited Server Message Block, a standard sharing tool on older versions of Windows.

 

How Does it Work?

Basically, there was an exploit with the SMB 1.0/CIFS Filesharing feature in windows that allowed the ransomware virus to hop to additional computers once the first computers were infected.

The patch that Microsoft released fixes the issues with the  SMB 1.0/CIFS Filesharing feature so the virus cannot replicate itself. The patch to fix this issue was originally released in March, but if people didn’t update they were left vulnerable to the ransomware spreading.

 

Why Are the Shadow Brokers Doing This?

Hacking agencies are often made up of a large group of people, all of whom have varying motives. Based on News reports by CNet, and other leading tech news sites, WannaCry was released for two reasons.

The first and foremost being credit and sending a message to the NSA and their hacking team, The Equation Group. On this point the Shadow Brokers had this to say in their open letter on steemit that reads a bit like an old dubbed video game; “The shadowbrokers is telling the peoples theequationgroup fails at security, theequationgroup is losing their data.”

The second reason, and far less important according to the groups statement, is money. The Shadow Brokers initially attempted to auction off the NSA’s data to the highest bidder. When the bidding didn’t go as planned they decided to release WannaCry to the web as a taster to build interest in the tools taken from the NSA, a form of malicious advertising, if you will. The group states they “[are] not being interested in stealing grandmother’s retirement money” nor are they seeking to sell to internet thugs, or greedy corporations. The Shadow Brokers are looking to sell to a group that equals their own in skill and ability. It would seem the group was hoping to sell the data back to the NSA, or at least to a government body or tech security company such as Microsoft.

While the attacks are reported to have garnered over $70,000 by day four, it is likely the group didn’t see much of the profit as they released the data to the web. Instead benefactors are those who picked up the information online and then used it for personal gains. It would seem the Shadow Brokers are seeking to demonstrate their superiority, and while they are not the direct benefactors, releasing the vulnerabilities to the web has hurt individuals and companies alike – including 16 hospitals across the UK.

 

I Wasn’t Hit, Am I Safe?

The Shadow Brokers have promised more leaked tools in what is being called “TheShadowBrokers Data Dump of the Month” – a subscription service akin to a wine club.  The group still has a large amount of the NSA’s cyber arsenal up their sleeves, 75% by their own account. If no one buys the lost data, or the buyer is a group who would seek to exploit the hacker tools the onslaught of malware may continue for some time.

 

 Preparing for & responding to Ransomware.

Where there is money to be made, you will find people willing to exploit. The financial gains from ransomware has grown as the use of personal computers has become common place both at work and at home. Offending emails are becoming harder to detect, moving away from the “Nigerian Prince” and “transfer of money” schemes and becoming more aggressive and devious. You may receive an email from a friend or loved one offering to share a google doc, or find you have been taken in by an official looking paypal email telling you to login to secure your account.

The bright side of all this is there are several things you can do to protect yourself.

  • Be Vigilant: Really read the email, and never open unsolicited documents. Emails reading IMPORTANT from a loved one may trigger an emotional response, but make sure to call or text that person if the email was unexpected.
  • Backup Your Data: The old saying “you don’t know what you have got, until it’s gone” has never been truer. The family pictures, contracts, banking info, and everything else held on your PC could be gone in a second. Backing up to the cloud or onto an external hard drive only takes a few seconds and could save you so much more.
  • Disable Macros: As of 2016 document macros have been a common infection vector for ransomware. Macros from emails and documents should be disabled by default to avoid infection.
  • Patch & Purge: We cannot stress this enough – maintain regular software updates on all of your devices, from operating system to application. If you no longer use an app (you haven’t touched words with friends in years!), delete it. Not only does it remove any risks with the application, it frees up space on your device.

Check out our recent FDM4 Security Alert for more information on how to protect yourself from WannaCry and other similar malwares.