Post by Admin on Mon May 15, 2017 6:19 am


According to Wiki, WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware program targeting Microsoft Windows. On Friday, 12 May 2017, a large cyber-attack using it was launched, infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin in 28 languages. The attack spreads by multiple methods, including phishing emails and on unpatched systems as a computer worm. The attack has been described by Europol as unprecedented in scale.

The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain's National Health Service (NHS), FedEx, Deutsche Bahn and LATAM Airlines. Other targets in at least 99 countries were also reported to have been attacked around the same time.

WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems. Although a patch to remove the underlying vulnerability for supported systems (Windows Vista and later operating systems) had been issued on 14 March 2017, delays in applying security updates and lack of support by Microsoft of legacy versions of Windows left many users vulnerable. Due to the scale of the attack, to deal with the unsupported Windows systems and in an effort to contain the spread of the ransomware, Microsoft has taken the unusual step of releasing updates for all older unsupported operating systems from Windows XP onwards.

Shortly after the attack began, a researcher found an effective kill switch, which prevented many new infections, and allowed time to patch systems. This greatly slowed the spread. It was later reported that new versions that lack the kill switch were detected. Computer security experts also warn of a second wave of the attack due to such variants and the beginning of the new workweek.

Cyber attack: Hackers in China try to seize control of WannaCry ransomware's 'kill switch'
The attempt fails but could have allowed the kill switch to be disabled, expert says

By Ian Johnston @montaukian

Hackers in China tried to seize control of the ‘kill switch’ used to prevent many of the WannaCry ransomware attacks that have been causing chaos across the world.

A 22-year-old British cyber security analyst discovered a website domain name in the code of a ‘worm’ used to infect computers with ransomware, which took over PCs and demanded money to return control.

When he registered the domain name, it activated a ‘kill switch’ in the coding. Every time the malware first infected a computer, it would try to find the website. If it could not, it would carry out the attack but if it did, it would shut down.

This is believed to have prevented thousands of attacks, but experts have warned the code could easily be rewritten by those responsible.

The security analyst, who has asked to remain anonymous but uses the name MalwareTech on social media, said he had been notified of an apparent attempt by someone else to take control of the website.

“Looks like someone in China attempted to steal the domain,” he wrote on Twitter.

Costin Raiu, director of global research and analysis at cyber security company Kaspersky Lab, told The Independent that hackers would sometimes try to take control of a website by pretending to be the owner and getting it transferred to a different register.

In this case, he said: “In theory, they could do two things. One is just count how many victims there are around the world.

“The other thing is they could just disable the kill switch that MalwareTech enabled … but the transfer attempt failed.”

He said it was “unlikely” that the hackers themselves would have done this as it would be simpler just to change the program slightly.

“They can very easily create another variant of this worm which doesn’t have this kill switch or checks for a different domain and they will achieve the same effect [as seizing control of the original domain],” Mr Raiu said.

Instead he suggested hackers unconnected to the ransomware attacks may have been trying to pull off a feat that would give them a degree of “fame”.

He suggested the best way to catch the people responsible for the WannaCry attacks would be to trace the ransom payments, which were to be made in Bitcoins.

“What you can follow is the money,” Mr Raiu said. “You can follow the Bitcoins [although] following the Bitcoins is kind of an art in itself.”

