Page 59 - Cyber Warnings
P. 59
WannaCry Remedies : The Second Wave of Attacks
th
Since May 12 , over 200,000 victims in 150 countries have been hit by a massive, international
ransomware cyberattack called WannaCry.
Ransomware is a type of malware that works by seizing control of and blocking access to a
computer’s files, programs, and operations.
Users are then informed that they must pay a certain amount in order to regain access to their
files, with the threat of permanently losing all of their data if they choose not to pay.
In the WannaCry attack, users were given three days to make the payment before the fee
increased, and seven days before the files would be lost forever. (http://blog.easysol.net/ffiec-
issues-ransomware-alert/)
How did we get here?
th
March 14 – Microsoft released a patch for vulnerabilities in its operating system, reportedly
likely to have been tipped off by the NSA.
(https://www.nytimes.com/2017/05/14/world/europe/cyberattacks-hack-computers-monday.html)
April 14 – The Shadow Brokers, a group of hackers that emerged in August 2016, released
several hacking tools that reportedly originally belonged to the NSA. They also
released a message citing various political motivations for leaking the information.
May 12 – Computers around the world running older operating systems or that had not yet been
updated with Microsoft’s March security patch were infected by the massive attack.
Among those affected were hospitals, universities, and government agencies.
A UK cybersecurity researcher discovered a kill switch in the attack code and
inadvertently hindered the spread of the malware in the United States.
However, the kill switch was unable to help systems that had already been affected,
and it is likely that the hackers will send out more attacks without the kill switch
included. (https://arstechnica.com/information-technology/2017/05/wanna-decryptor-
kill-switch-analysis/)
May 15 – The number of victims continues to be updated as employees return to their work
computers on Monday morning.
In addition, the kill switch has been turned off in the latest variant, making the
previous slowing of the infection
59 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
