Thursday, June 1, 2017

WannaCry: The Data Kidnapper

Ayush Bhattarai
Executive, ACM Foundation
We live in a world where communication has become a major part of people’s lifestyle. Without communication, the world we live in today could not exist. As the saying goes, “With great power comes great responsibility,” and securing this communication becomes more difficult each day. With new methods of breaching people’s private information and accessing data illegally, the challenge of “counter-hacking” keeps growing. Lately, a ransomware called WannaCry, or wcry, has been on the radar of the international cyber security community. It has caused damage to more than 230,000 computers in more than 150 countries worldwide and is spreading rapidly.


What is ransomware?
Ransomware is computer malware that encrypts the files on a computer system and demands a ransom to decrypt them. In other words, ransomware can be seen as a kidnapper of computer files that asks for a ransom to set your data free. Ransomware builds on cryptovirology, i.e. the use of cryptography to create malware. The use of cryptovirology has been increasing day by day as new encryption algorithms are published regularly.

History of WannaCry
The National Security Agency (NSA) of the United States of America had found a way to exploit a vulnerability in the SMB (Server Message Block) protocol of the Microsoft Windows OS. The exploit, called EternalBlue, grabbed hold of Microsoft’s collar and was breaching people’s messages and emails. A group of hackers known as the “Shadow Brokers” leaked the exploit and its methods, which caused a huge outcry on the internet. After the leak of the NSA’s exploit, computer hackers started developing a new ransomware which infected computers through attached email files pretending to be legitimate and encrypted the data on the computer. This new project was called “WannaCry”. WannaCry started to spread with a huge bang. After its release on 12 May 2017, it infected more than 230,000 computers within a day. WannaCry demands a ransom of $300 worth of Bitcoin within 3 days of encryption, after which the ransom rises. If the ransom has not been paid after 7 days, WannaCry will erase all the data from the computer. Bitcoin, the currency demanded for the ransom, is a type of cryptocurrency which works by securing transactions with various cryptographic algorithms and returning units of digital currency. Bitcoin was invented in 2009 by a programmer or a group of programmers under the name Satoshi Nakamoto.

How does WannaCry work?
As stated earlier, a ransomware demands a ransom in exchange for the freedom of the data, and WannaCry does the same. Initially, WannaCry is attached to an email which looks legitimate and is sent to the target computer user. As soon as the email is opened, WannaCry installs DoublePulsar, an exploit tool developed by the NSA, onto the system and encrypts all the data except for two files, i.e. the ransom note and the directions to buy Bitcoins. WannaCry has affected major international companies like FedEx, Renault, Nissan, Bank of China, Hitachi etc. and has caused severe damage worth millions.


Is there a solution?
A “white-hat” hacker accidentally triggered the “killswitch” of WannaCry after he discovered a URL in the malware and registered it, which shut the ransomware down and stopped its spread. But WannaCry was soon updated, and registering the URL no longer triggered the killswitch.
So, the best way to stay safe from WannaCry is, first, to keep all data backed up. Backups are very useful because data may be erased, among various other factors. Second, do not open emails from unknown sources, and verify emails by cross-checking that they were really sent by someone you know (a message might pretend to be from your boss).

Thus, WannaCry has caused a major headache for the cyber security community due to its sneaky behavior and its encryption method. People affected by WannaCry are URGED NOT TO PAY THE RANSOM, because paying will encourage the hackers to do more things like this, and nobody’s data or privacy will remain private.
