All about the ransomware that has been keeping everyone on their toes
Much like the plot of a sci-fi cyber-crime movie, the world woke up to a rude shock on May 12th when a piece of malware crippled the operations of big organizations and corporations by hacking into their computers and locking them out of their own data unless they paid a ransom of $300 (over Rs. 19000). The malware, of a type aptly called ‘ransomware’, is named WannaCry and was created by hackers after they got their hands on a treasure trove of highly secret cyber-attack tools from the USA’s National Security Agency last month. The cyber-attack has hit more than 2,00,000 computers in 150 countries, and over $50000 has been paid so far, according to a cyber-company.
HOW IT WORKS
Users can get infected with WannaCry by clicking on or downloading malicious files. The malware then locks the files on the computer, encrypting them in such a way that the user cannot access them anymore. A pop-up window appears with instructions on how to pay a ransom of $300, and only in Bitcoin, the most popular form of cryptocurrency, which is hard to trace. The pop-up also features two countdown clocks: one showing a three-day deadline before the ransom doubles to $600, and another showing the deadline after which the target will lose its data forever.
The malware only affects Microsoft’s Windows operating system, exploiting a vulnerability in it. The infection is deployed via a worm, which spreads by itself within a network rather than relying on humans to spread it by clicking on an infected attachment.
HARDEST HIT
The cyber-attack has not spared anyone: governments, hospitals and major companies are still battling it. The major organizations affected include the UK’s National Health Service, Spanish telecommunications operator Telefonica, Germany’s rail network Deutsche Bahn, US logistics giant FedEx and Russia’s Interior Ministry. Those that were partially affected include universities in China, companies in Japan, France and Australia, and hospitals in Indonesia. In India, the police computer systems in Andhra Pradesh and some companies in Bengaluru, Mumbai and Hyderabad were hit.
THE INADVERTENT HERO
The cyber-attacks have slowed down, thanks to the brilliance of a 22-year-old British security researcher, Marcus Hutchins. While investigating the attack, he noticed that the malware was trying to contact a specific web address each time it infected a new computer, and that this web address had not been registered. So Marcus registered it, buying it for $10.69. By owning it, he was not only able to see where computers were accessing the ransomware from, but also triggered a part of the ransomware’s code, a kill switch, that stopped it from spreading. The kill switch is essentially a piece of code the attackers can use to halt the spread of their software if things start to get out of hand.
According to him, this attack could have been prevented, and he further said that Microsoft should not be held responsible for it. A month earlier, Microsoft had released a free patch, an update designed to fix security vulnerabilities, that counters the exact weakness the ransomware is exploiting. Users who had kept their systems up to date were safe; only those who hadn’t installed the patch suffered.
FAR FROM OVER
While the identity of the attackers remains unknown, the attacks have slowed down, thanks to Marcus. Security experts around the world are still wary, however. Besides, the registration of the web address does not repair computers that are already infected. The cyber-attack has also reignited the debate over whether governments should disclose the vulnerabilities they discover, instead of stockpiling them and using them to their advantage as and when needed.
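Because registering the web address does not repair computers that are already infected, defenders still have to find those machines. The following is an added example, not part of the original article: it scans a DNS query log for lookups of the kill-switch address and lists the computers that made them. The domain is a placeholder (the article does not give the real address), and the log format, sample lines and function names are assumptions constructed for illustration.

```python
"""Added example: find internal hosts that looked up a kill-switch domain."""
from collections import defaultdict
from datetime import datetime

# Placeholder: the article does not give the real web address.
KILL_SWITCH_DOMAIN = "kill-switch.example"

# Constructed DNS query log lines (the format is an assumption):
# <ISO timestamp> <client IP> <queried name> <record type>
SAMPLE_LOG = """\
2017-05-12T09:14:02 10.0.4.17 kill-switch.example A
2017-05-12T09:14:05 10.0.4.23 updates.vendor.example A
2017-05-12T09:15:40 10.0.4.17 KILL-SWITCH.EXAMPLE. A
2017-05-12T09:16:11 10.0.7.80 kill-switch.example A
malformed line without enough fields
2017-05-12T09:20:00 10.0.7.81 not-kill-switch.example A
"""


def normalise(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def hosts_contacting_kill_switch(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"first_seen": datetime, "lookups": int}}."""
    target = normalise(domain)
    hits = defaultdict(lambda: {"first_seen": None, "lookups": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of crashing
        stamp, client, qname, _qtype = fields
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparseable timestamp
        if normalise(qname) != target:
            continue  # exact match only; look-alike names are ignored
        entry = hits[client]
        entry["lookups"] += 1
        if entry["first_seen"] is None or when < entry["first_seen"]:
            entry["first_seen"] = when
    return dict(hits)


if __name__ == "__main__":
    for ip, info in sorted(hosts_contacting_kill_switch(SAMPLE_LOG).items()):
        print(f"{ip}  first seen {info['first_seen']}  lookups {info['lookups']}")
```

Each address in the result is a computer on which the malware ran its kill-switch check, so it is a candidate for cleanup and for installing the patch described above.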