WannaCrypt: Ransomware that shook the whole world


A malicious worm called WannaCrypt infected thousands of users across more than a dozen countries. The malware took advantage of a security loophole in one of Microsoft's networking protocols, which in turn was leaked from the NSA's cyberweapon arsenal. Russia was the worst hit, followed by Ukraine and India. It affected government organisations, companies and individual users alike by encrypting their data and locking them out of their computers, restoring access only if a ransom of $300 worth of bitcoins was transferred to an anonymous account within 3 days. It was a well-crafted exploit which spread exponentially across the global network. The worm-like capability of the malware can best be described by analogy to an atom bomb: once unleashed in a particular network, it multiplies exponentially to reach new victims. The malicious software was a variant of the WannaCry ransomware and was spread through email. The malware was in compressed format so that it could fly under the radar of firewalls and antivirus software, and it only came into action when the user opened the file.


It is still not clear whether the victims of the attack have gone ahead and paid the ransom to the hackers. But the most shocking part of the whole incident is the NSA connection. An entity called ‘Shadow Brokers’ had started leaking the stockpile of cyberweapons under the control of the NSA, and this particular loophole, called ‘EternalBlue’, was part of it. This is a precursor of the sophistication and velocity of spread to come, and of government-created hacking weapons being unleashed upon the citizens themselves.

British hospitals that were struck by the attack couldn’t access patient records, and emergency patients couldn’t be handled in the chaos that ensued. The Kremlin had thousands of its internal ministry computers affected by the attack.

Ironically, the global cyber attack was stopped by an accidental hero who happened to halt the spread of the malware by activating a kill switch. The kill switch was actually a hardcoded piece of code tied to a particular domain, and sinkholing that domain momentarily stopped the further spread of the ransomware epidemic.
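For defenders, lookups of the kill-switch domain double as an infection indicator. The following is an added example, not part of the original post, that triages resolver logs for clients that queried the domain. Assumptions: the domain name is a placeholder (the post does not give it), the log format and sample lines are constructed, and the malware is assumed to stop only when its lookup of the domain succeeds.

```python
import re

# Placeholder: the post does not name the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"

# Constructed sample resolver log: timestamp, client IP, query name, rcode, answer
SAMPLE_LOG = """\
2017-05-12T14:01:07Z 10.0.4.21 killswitch.example.invalid NOERROR 192.0.2.10
2017-05-12T14:01:09Z 10.0.4.22 www.example.com NOERROR 198.51.100.7
2017-05-12T14:02:30Z 10.0.7.5 killswitch.example.invalid NXDOMAIN -
2017-05-12T14:03:11Z 10.0.4.21 KillSwitch.Example.Invalid. NOERROR 192.0.2.10
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL|REFUSED)\s+(\S+)$"
)


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the kill-switch domain to a status.

    'resolved'   : every lookup succeeded, so the kill switch could fire.
    'unresolved' : at least one lookup failed (for example the domain was
                   blocked at the resolver), so the kill switch could not
                   fire on that host and it should be handled first.
    Any client in the result ran something that asks for this domain and
    needs investigation either way.
    """
    wanted = domain.lower().rstrip(".")
    hosts = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore lines that are not in the expected format
        _ts, client, qname, rcode, _answer = match.groups()
        # DNS names are case-insensitive and may carry a trailing dot
        if qname.lower().rstrip(".") != wanted:
            continue
        status = "resolved" if rcode == "NOERROR" else "unresolved"
        if hosts.get(client) != "unresolved":  # a failed lookup is sticky
            hosts[client] = status
    return hosts


if __name__ == "__main__":
    for ip, status in sorted(triage(SAMPLE_LOG).items()):
        print(ip, status)
```

The practical consequence is that blocking a sinkholed kill-switch domain at the resolver or proxy works against the defender: it puts hosts in the 'unresolved' group, where the kill switch cannot take effect.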

The whole incident sheds new light on the fact that as soon as we as individuals, E Corps and society start to get too comfortable with and excessively reliant on the networks and machines we built, some fSocieties of the world will break through the feeble security walls to shake us out of our comfort zones.
