Ayush Bhattarai
Executive, ACM Foundation
We live in a world where communication has become a major
part of people’s lifestyle. Without communication, the world we live in today
could not exist. As the saying goes, “With great power comes great
responsibility”, and the process of making this communication secure becomes
more difficult each day. With new methods of breaching people’s private
information and accessing data illegally, the challenge of “Counter-Hacking” has
become harder and harder. Lately a ransomware called WannaCry, or wcry, has
been on the radar of the international cyber security community. It has
caused damage to more than 230,000 computers in more than 150
countries worldwide and is spreading rapidly.
What is ransomware?
Ransomware is computer malware that encrypts the files
on a computer system and asks for a ransom to decrypt them. In other words,
ransomware is a kidnapper of computer files that asks for a
ransom to set your data free. Ransomware is built on
cryptovirology, i.e. the use of cryptography to create malware. The use of
cryptovirology has been increasing day by day as new encryption algorithms are
published regularly.
History of WannaCry
The National Security Agency (NSA) of the United States of
America had found a way to exploit a vulnerability in the SMB (Server Message
Block) protocol of the Microsoft Windows OS. The exploit, called EternalBlue,
grabbed hold of Microsoft’s collar and was breaching into people’s messages and
emails. A group of hackers known as the “Shadow Brokers” leaked the
exploit and its methods, which caused a huge outcry on the internet. After the
leak of the NSA’s exploit, computer hackers started developing a new
ransomware that infected computers through email attachments pretending
to be legitimate and encrypted the data on the computer. This new project was
called “WannaCry”. WannaCry started to spread with a huge bang. After its
release on 12 May 2017, it infected more than 230,000 computers within a day.
WannaCry demands a ransom of $300 worth of Bitcoin within 3 days
of encryption, after which the ransom rises. If the ransom is not paid
within 7 days, WannaCry erases all the data from the computer. Bitcoin,
which is demanded as the ransom, is a type of cryptocurrency that
secures transactions with various cryptographic algorithms and returns units
of digital currency. Bitcoin was invented in 2009 by a programmer or a group of
programmers under the name Satoshi Nakamoto.
How does WannaCry work?
As stated earlier, ransomware demands a ransom in
exchange for the freedom of the data, and WannaCry does the same. Initially,
WannaCry is attached to an email that looks legitimate and is sent to the
target computer user. As soon as the email is opened, WannaCry installs
DoublePulsar, an exploit tool developed by the NSA, onto the system and
encrypts all the data except for two files, i.e. the ransom note and the
directions to buy Bitcoins. WannaCry has affected major international companies
like FedEx, Renault, Nissan, Bank of China, Hitachi etc. and has caused severe
damage worth millions.
Is there a solution?
A “white-hat” hacker accidentally triggered the “killswitch”
of WannaCry when he discovered a URL in the malware and registered it, which
shut down the ransomware and stopped it from spreading. But WannaCry was soon
updated, and the registered URL no longer worked as a killswitch.
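
Lookups of the killswitch URL's domain are also a signal defenders can search for, since WannaCry contacts that URL when it runs. The following is an added example, not code from the original post: the domain is a placeholder (the post does not give the real URL) and the resolver log format is a constructed, hypothetical one.

```python
import re
from collections import defaultdict

# Placeholder only: the post does not give the real killswitch URL.
KILLSWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log (hypothetical format: time, client, qname, qtype).
SAMPLE_LOG = """\
2017-05-12T09:58:03Z client=10.0.0.12 qname=www.example.org. qtype=A
2017-05-12T10:01:22Z client=10.0.0.12 qname=KillSwitch-Placeholder.example. qtype=A
2017-05-12T10:01:25Z client=10.0.0.40 qname=notkillswitch-placeholder.example. qtype=A
2017-05-12T10:03:47Z client=10.0.0.31 qname=www.killswitch-placeholder.example qtype=A
2017-05-12T10:09:10Z client=10.0.0.12 qname=killswitch-placeholder.example. qtype=AAAA
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+qname=(?P<qname>\S+)\s+qtype=(?P<qtype>\S+)$"
)

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def is_killswitch(qname, domain=KILLSWITCH_DOMAIN):
    """Match the domain itself or a subdomain, never a mere suffix overlap."""
    name = normalize(qname)
    return name == domain or name.endswith("." + domain)

def hosts_querying_killswitch(log_text, domain=KILLSWITCH_DOMAIN):
    """Return {client: {count, first_seen, last_seen}}; assumes chronological lines."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "last_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not is_killswitch(m["qname"], domain):
            continue  # malformed line or unrelated lookup
        rec = hits[m["client"]]
        rec["count"] += 1
        rec["first_seen"] = rec["first_seen"] or m["ts"]
        rec["last_seen"] = m["ts"]
    return dict(hits)

if __name__ == "__main__":
    for client, rec in sorted(hosts_querying_killswitch(SAMPLE_LOG).items()):
        print(f"{client}: {rec['count']} lookup(s), {rec['first_seen']} .. {rec['last_seen']}")
```

Because updated versions no longer honour the killswitch, an empty result does not show that a network is clean.
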
So, the best way to stay safe from WannaCry is, first, to
keep all data backed up. Backups are very useful in
situations where data is erased, among other cases.
Second, do not open emails from unknown sources, and verify an email by
cross-checking with the sender if it appears to come from someone you know
(it might pretend to be your boss).
Thus, WannaCry has caused a major headache for the cyber
security community due to its sneaky behavior and its encryption method.
People affected by WannaCry are URGED NOT TO PAY THE RANSOM, because paying
will encourage the hackers to do more things like this, and nobody’s data or
privacy will remain private.
Improve more 😊
Nice one bhai. I learned new things.