
Tech Translation: What Is WannaCry Ransomware And Why You Should Care

Learn how this malware augmented with leaked NSA hacking methods caused panic for days.


Several times over the past year you may have heard about NSA computer surveillance tools and code being publicly leaked. An anonymous hacker group known as The Shadow Brokers recently took credit and even tried to auction off these tools.

Imagine stealing a few missiles from an army base and putting them up on eBay. This is no less serious.

"This is quite possibly the most damaging thing I've seen in the last several years.
This puts a powerful nation-state-level attack tool in the hands of anyone."

Matthew Hickey, Hacker House

This past weekend, version 2.0 of the WannaCry ransomware utilized the hacking power in those NSA leaks to infect hundreds of thousands of computers around the world. Not just your grandma's computer either. This attack locked computers at factories, hospitals, and institutions for a few days until being heroically crippled thanks to the hard work of one independent security researcher.

So what the hell is going on? What's ransomware and why does it make me WannaCry?

That's our Tech Translation topic. Class is in session.


So what happened?

Ransomware is a particularly nasty type of computer malware. Once inside a system, the program takes your data hostage (or at least pretends to) until a ransom payment is made to the attackers, usually via hard-to-trace online currencies like Bitcoin.

The WannaCry authors took this to the extreme by encrypting your data until a payment is made.

PRO TIP: if ransomware happens to you, don't ever pay. What incentive do criminals really have to keep their word and restore your files? Zero.

When used by the good guys, encryption is a standard security practice. It basically scrambles your data into an alien language behind the scenes so anyone without a proper key can't read it. Ransomware will send that key back to its master before deleting itself, leaving you to sit there with your mouth open.

After the initial batch of infections, most likely through spearphishing attacks, WannaCry used the Windows SMB vulnerability information and tools stolen from the NSA to bypass normal security measures and spread automatically to other computers. That's what made this so horrible.

The NSA used these vulnerabilities for years without telling Microsoft. Computers running older versions of Windows like XP, 7, 8 and Server 2003 were at the highest risk. Microsoft actually released a security patch in March this year to address these vulnerabilities when they leaked, and even released one for XP the day after the attack.

The problem is that so many machines around the world had not been updated to that critical security patch and remained vulnerable.
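Because the worm spreads by reaching out to other computers over Windows file sharing (SMB, TCP port 445), an infected machine suddenly talks to far more SMB peers than a normal one. The sketch below is an added example, not code from the article: it flags that fan-out in flow records, and the log format, the sample records, the 60-second window and the five-peer threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445                  # TCP port for Windows file sharing (SMB)
WINDOW = timedelta(seconds=60)  # assumed look-back window
MAX_PEERS = 5                   # assumed limit on distinct SMB peers per window

def build_sample():
    """Constructed flow records (not real traffic): 'timestamp src dst port'."""
    day = "2017-05-12T"
    rows = []
    # Workstation reusing one file server: normal
    rows += [f"{day}09:00:{s:02d} 10.0.0.5 10.0.0.20 445" for s in range(0, 30, 5)]
    # Host sweeping ten neighbours on SMB within ten seconds: worm-like
    rows += [f"{day}09:01:{i:02d} 10.0.0.66 10.0.0.{i} 445" for i in range(1, 11)]
    # Backup server touching six peers, one per hour: never clusters
    rows += [f"{day}{10 + i}:00:00 10.0.0.7 10.0.0.{30 + i} 445" for i in range(6)]
    # Busy web client: many peers, but not SMB
    rows += [f"{day}09:02:{i:02d} 10.0.0.8 10.0.1.{i} 443" for i in range(1, 11)]
    rows.append("truncated record")
    return "\n".join(rows)

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def smb_fanout_alerts(flows, window=WINDOW, max_peers=MAX_PEERS):
    """Map each source that exceeded max_peers to (first alert time, peer count)."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:
            seen.popleft()
        peers = {d for _, d in seen}
        if len(peers) > max_peers and src not in alerts:
            alerts[src] = (ts, len(peers))
    return alerts

if __name__ == "__main__":
    for src, (ts, n) in smb_fanout_alerts(parse_flows(build_sample())).items():
        print(f"{src} reached {n} SMB peers within {WINDOW} at {ts}")
```

A flagged host is a candidate for isolation and patching; the threshold needs tuning against servers that legitimately talk SMB to many clients.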

Needless to say, Microsoft is furious with the NSA.

Who done it?

Nobody's really sure right now. We can assume it's the same authors as WannaCry 1.0, which did not utilize the NSA tools and failed to spread effectively.

Russian malware typically tries to avoid infecting fellow citizens, but WannaCry doesn't mind infecting computers set to Cyrillic (Eastern Europe / North and Central Asia). Time-stamps in the code suggest maybe Japan, Indonesia, Korea or far East China / Russia.

Other evidence points to a new group of amateur hackers. For instance, hundreds of thousands of victims were hit around the world. Even Trevor Noah had a WannaCry segment on his March 15th evening show. Not so subtle; law enforcement is pissed.

Also, only a $300 ransom? Psh. I would have demanded at least $500. Noobs.

If it's so scary, why aren't we all infected yet?

Like I said, updated computers didn't have much to worry about. Windows 10 has the fixes already. This was more of a problem for larger organizations or lazy people.

Also, one security researcher, Marcus Hutchins, known as MalwareTech, found the hidden Achilles' heel.

To analyze and observe malware in action, programs are confined to little digital jail cells known as virtual machines: Windows inside of Windows. They can run but cause no harm. It's standard practice.

Remember Volkswagen's diesel emission scandal? Cars could detect when they were being inspected and started operating differently to pass. Malware can have similar features.

To know if their virus is being inspected, one method is to make it call out to one or more random URLs. When inside a jail cell, the reply would be the same "YES" for all addresses and the virus will basically shut down to avoid study. If not being inspected, those calls should return as "NO" and it would try and spread further.

In this case, when Marcus saw the URL being called he immediately registered it for like $10. This caused every instance of WannaCry around the world to think it was being inspected and stop spreading.

This gave other countries, organizations and security buffs some more time to get a handle on the situation. The authors could have registered it themselves, but didn't. Noobs.
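For a defender, the same check doubles as an infection signal: any machine that asks for the kill-switch address is running the malware, and a machine that gets a "NO" back (for example because a filter blocks the name) will keep spreading. The triage below is an added example, not code from the article or from MalwareTech; the domain is a placeholder because the article does not give the real one, and the resolver log format and sample lines are constructed.

```python
# Placeholder: the article does not name the real kill-switch address.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Constructed resolver log, not real data: timestamp client qname rcode
SAMPLE_DNS_LOG = """\
# timestamp client qname rcode
2017-05-13T08:00:01 10.0.0.66 killswitch.example. NOERROR
2017-05-13T08:00:02 10.0.0.5 www.example.org. NOERROR
2017-05-13T08:00:09 10.0.0.91 KillSwitch.Example NXDOMAIN
2017-05-13T08:03:40 10.0.0.91 killswitch.example. NOERROR
2017-05-13T08:04:00 10.0.0.12 notkillswitch.example. NOERROR
2017-05-13T08:05:10 10.0.0.66 killswitch.example. NOERROR
malformed line
"""

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return qname.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client: state} for every host that looked up the kill switch.

    'infected_spreading': at least one lookup failed, so by the article's
    logic the malware saw "NO" and carried on. This state is sticky.
    'infected_halted': every lookup was answered, so spreading stopped,
    but the machine still ran the malware and needs cleanup and patching.
    """
    states = {}
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != 4:
            continue  # comment or malformed record
        _, client, qname, rcode = parts
        if normalize(qname) != domain:
            continue
        if rcode.upper() != "NOERROR":  # assumed: NOERROR means it resolved
            states[client] = "infected_spreading"
        else:
            states.setdefault(client, "infected_halted")
    return states

def priority_list(states):
    """Hosts that may still be spreading first, then the rest, each sorted."""
    return sorted(states, key=lambda c: (states[c] != "infected_spreading", c))

if __name__ == "__main__":
    result = triage(SAMPLE_DNS_LOG)
    for host in priority_list(result):
        print(host, result[host])
```

The practical consequence is that the kill-switch name should stay resolvable from inside the network; blocking it turns halted infections back into spreading ones.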

Check out his whole blog write-up here.


Aftermath

The bitcoin addresses given by the thieves are being monitored. Bitcoin might be "anonymous" and decentralized, but transaction information is still publicly recorded. With enough study, patterns and identities could be discerned in time.

The National Health Services (NHS) of England and Scotland were hit hard with up to 70,000 devices including computers, MRI scanners, and blood refrigerators being affected. Some NHS services had to turn away non-critical emergencies and ambulances for a time.

Some factories and companies shut down for a day to stop it from spreading further and perform cleanup. Bloomberg has an article detailing more about affected entities.

Microsoft denounced the NSA for hoarding information like that. Ultimately it causes more harm than good when things reach the wrong hands. They want the world to see this as a warning. If a few amateurs can accomplish this, imagine what a team of veteran hackers could accomplish.


That's all folks. Hopefully, you learned to keep your machines updated.

Drop a comment or reach out on social media to discuss with me.

@pjmulroe #MakeSecurityGreatAgain #WannaCry

https://www.troyhunt.com/everything-you-need-to-kn...

http://www.bbc.com/news/technology-39924318

https://en.wikipedia.org/wiki/WannaCry_ransomware_...

This article has not been reviewed by Odyssey HQ and solely reflects the ideas and opinions of the creator.