A recent internet scam was labeled “Amateur Hour”. The “Wanna Cry” attack was a very poorly coded attack. Nonetheless, it shut down hospitals, railways and ATMs, and caused more havoc worldwide than all other recent internet scams.
The code contained a specific footprint. That footprint helped identify where the attack originated and who was behind it. A group called the Shadow Brokers stole files last April from the National Security Administration (NSA) and posted them on the internet. Previous evidence indirectly links this group with North Korea.
The stolen software was the “EternalBlue” exploit, a US government cyber weapon that exploited software flaws in Microsoft Windows. Using this software enabled the “Wanna Cry” attack to spread quickly.
The FBI Report on the WannaCry Attack
The statement issued by the FBI on May 13, 2017 describes the attack as a widespread ransomware campaign. It affected tens of thousands of computers in 99 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France and Japan.
On May 12th, shortly after 9:30 am, the MalwareHunterTeam spotted the malware. Within roughly 4 hours it had started invading Britain’s healthcare services.
The speed at which this attack moved has been one of Apple’s concerns. Tim Cook expressed concerns about the government having access to their platform.
It started when the FBI wanted Apple to give them access to its operating system. Tim Cook refused to help the FBI, clearly citing the concern that every time the government is allowed to hack software, it always falls into the hands of bad actors.
Microsoft Blames the US Government
Microsoft has blamed the attack on the NSA for developing the “EternalBlue” exploit. It was the code the hackers used to create the Wanna Cry ransomware attack. This exploit uses Windows along with a worm to infect computers, sadly without the user needing to do anything such as clicking a link.
Microsoft was criticized as well. It stopped issuing security updates for its older software unless the owners purchased additional updates. That was a type of ransom in itself, and it left many computers with serious security flaws.
According to the Tass Russian News Agency, Russia reported some attacks on its railways, but claimed they did not affect the operation of the trains.
British Researcher Finds a “Kill Switch” For The Wanna Cry Virus
Ransomware on Steroids
Usually ransomware comes in the form of an email with an attachment. Once opened, the virus infects the computer. Unfortunately, the addition of the “EternalBlue” code meant computers were infected without the usual link being clicked.
This normally does not happen if the computer is protected with good security software and updated regularly. The problem lies in older software without the latest updates.
Some older software still in use is no longer updated by Microsoft. This is the reason Microsoft Windows 97, Vista and Windows 8 and 9 got hit hard. This attack also affected US medical devices.
The Botched Ransom Payments
When the ransomware becomes active, it encrypts all the data on the hard drive. A key is needed to remove the encryption. When the ransom payment was received, a key would be provided. However, there are never any guarantees.
Bitcoin is normally the scammers’ payment of choice because it is hard to trace. However, in this case the hackers made some mistakes that allowed the Bitcoin payments to be tracked more easily.
In the case of Wanna Cry, handling payments was a manual procedure. It would have been impossible to restore hundreds of thousands of computers manually in 7 days. As a result, payments would not have been processed in time.
The “Wanna Cry” ransom payment amount was 0.1781 bitcoins, or roughly $300 US. Victims would have to pay to have their files unlocked. After 3 days, the cost increases to $600. The data would be permanently deleted after 7 days.
NSA Defector Edward Snowden Blames NSA
Helpful Hints to Prevent Such Attacks
- Always use website security software and keep it updated.
- Make sure you have the latest updates installed in your operating system.
- Never click on links in emails you are not familiar with.
- Look carefully at unusual emails, and email the sender to ask whether they actually sent it.
- Frequently back up your data and store it off-line.
Recent Internet Scams and the Lazarus Group
Where are these attacks coming from? Who is responsible? In February 2017, the Polish media blamed a “notorious group of hackers” for numerous malware attacks on banks.
They didn’t name them, but they were referring to a group now known as the Lazarus Group, which was notorious for cyber attacks on banks.
One attack in particular was the $81 Million heist of the Central Bank of Bangladesh in early 2016.
Kaspersky has done an extensive amount of research on the malware used by this group. This research has given Kaspersky the ability to block all malware used by this group to date.
Cryptowall and Cryptolocker
The Wanna Cry attack is just one of many ransomware attacks. Cryptowall and Cryptolocker are probably the best known. Cryptolocker would take away the user’s ability to operate the computer. The only way to restore the computer’s function was to pay the demanded ransom.
I am well aware of that malware, being a victim myself. Anyone refusing to pay the ransom had their computer locked, and the stored data was inaccessible.
It is a helpless and frustrating experience. If I had backed up my data, then I could have wiped the computer clean and reloaded my files. Read my article Internet Scams That Lock Your Computer.
Sometimes FBI Recommends Paying the Ransom
But, what do you do if you have important files that you must try to recover?
If you haven’t backed them up, the FBI recommends paying the ransom! If you have no other choice, what else can you do? They recommend you back up your files first, but if you didn’t…then you can always pay.
There is no guarantee you will get your data back, but maybe you will?
A part of the code used in the Wanna Cry attack resembled code used in the Hangman malware, a virus that appeared in 2014-15.
The Hangman malware was the same code used by the Lazarus Group, and the Lazarus Group has known ties to North Korea as its point of origin.
Sixty-one percent of the malware samples linked to the Lazarus Group contain Korean PE locality or Korean language. No one is making any outright claims, but the clues point to North Korea.
Analysts reported that the system the hackers used made it impossible to know who paid the ransom. Apparently, the ransomware was not correctly set up for profit.
Then what was the real reason for the attack? If it wasn’t money, the purpose could have been to cause as much widespread destruction as possible.
Wanna Cry – The Most Widespread & Contagious Virus Yet
This attack spread quite quickly and infected the largest number of countries and computers to date. Using the “EternalBlue” code enabled the rapid spread of the attack.
It was a self-replicating event that quickly caused an alarming amount of worldwide disruption. The only flaw may have been the fact that the hackers only knew how to make the “EternalBlue” code work.
When more sophisticated hackers refine the next attack, the world can expect much worse.
This is a wake-up call for us all. Keep your computers protected and back up your data.
It may be a time-consuming inconvenience to delete malware, and reloading your data from backup sources can be a pain. But that is far better than losing all of it forever. Paid ransoms are definitely no guarantee you will get your data back.
The hackers involved received an estimated $100,000 in paid ransoms. Worldwide financial and economic loss estimates exceeded 4 billion US dollars.
This was not a success for ransom payments. Nonetheless, it certainly raised havoc and caused worldwide damage. It demonstrated just how vulnerable our software systems really are.
Don’t put yourself and your computer, or even your phone, at risk. Update often, and don’t click on any link or pop-up ad you don’t recognize.
Learn more about scams in my article Scams and Frauds.