Last Friday, the world witnessed what was essentially its biggest ransomware attack to date. And it seems that could get bigger this Monday when this ransomware tries to come around like a case of bad breath.
Ransomware is often thought of as nothing more than a nuisance, but as we all witnessed this Friday, it can become a huge problem when it affects professionals like doctors and nurses, along with those in need of medical care, as was the case with the NHS. In this case, ransomware feels more like Mickey Knox than Kevin McCallister.
What makes it ironic is that the WannaCry attack that took the world by storm on Friday the twelfth was actually preventable with a simple security patch for Windows 10, released this March.
So How Did It All Happen?
Attackers who remain unknown deployed self-spreading malware targeting Windows systems running Microsoft’s SMB file-sharing service. Systems that hadn’t been updated after March 14 with the patch called “MS17-010” were the ones that took the worst of it.
Here’s where things get more ironic. The exploit these hackers took advantage of goes by the name of EternalBlue and was once a caged monster hidden in the deepest pits and guarded by – guess who – our very own National Security Agency. That is, until it was leaked last month by a group of hackers called the Shadow Brokers, who freed this metaphorical beast right under the NSA’s nose. The only response the NSA has provided is silence. Of all the theories out there, the NSA having its very own Judas makes the most sense. That, or the hackers pulled off a Stanley Jobson on them.
This fourth horseman of the apocalypse spread across 70,000 systems in more than 150 nations like a plague and left more than 200,000 victims in its wake. Among those were a dozen-plus hospitals in the UK (which did pay the ransom, by the way); also in the UK, FedEx’s offices; a telecom in Spain; parts of Romania; and the Interior Ministry of Russia.
This ransomware is also responsible for Renault halting manufacturing at its plant in Sandouville, France, and for Nissan putting its manufacturing plant in Sunderland, north-east England, on hold.
Has It Stopped?
It seemed the attacks were over when MalwareTech became an accidental hero by registering the domain name the malware checked, letting him track infections and thus stop the thing from spreading. But MalwareTech’s victory turned out to be short-lived, because Kaspersky soon confirmed that new versions of the malware had been detected which were not stopped by the kill switch; this is what experts are calling “WannaCry 2.0.”
Europol Director Rob Wainwright feels MalwareTech may have predicted “another one coming… quite likely on Monday”, according to the BBC.
Like we mentioned, hackers and their tantrums have a tendency to keep coming back like Harry and Marv from Home Alone, so be armed to the metaphorical teeth when they do.
How To Safeguard Against It?
I know you’re looking for a way to recover all your data without paying those mean hackers, but in the simplest terms, WannaCry isn’t like your typical malware. It encrypts your data, locks it, and teases you with the keys. And since there’s no silver bullet for decrypting the compromised data, the only cure for now is, as the doctor often says, to prevent it from happening in the first place.
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP.
— MalwareTech (@MalwareTechBlog) May 14, 2017
The US government did issue an alert with advice on how to protect against similar attacks, asking victims to report them to the Federal Bureau of Investigation or the Department of Homeland Security.
Circling back to preventive measures, here are some you can take to ensure your data isn’t compromised by a similar threat ever again.
- Upgrade your system to Windows 10.
- Update your Windows 10 installation so the new security update is installed.
- Install the patch Microsoft has released for other versions of Windows (including Windows XP).
- If you now have trust issues with Windows, switch to one of the popular Linux distributions like Mint, Ubuntu or Fedora.
- Store your data in the cloud so that even if it does get compromised, you can recover it from the cloud and feel good about saying, “We don’t negotiate with hackers.”
- Don’t fall for free “encrypting” tools like WannaEncrypt if they appear tomorrow. They could just be another trick from the same perpetrators.
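If you want to check whether a Windows machine is actually covered by the first three items above, the script below is an added example, not code from the original post or from Microsoft, that audits a host for the two conditions that matter here: that the MS17-010 fix is installed and that the SMBv1 protocol the worm spreads over is switched off. The cmdlets used (Get-HotFix, Get-SmbServerConfiguration, Set-SmbServerConfiguration, Disable-WindowsOptionalFeature) are real, but the KB identifier that corresponds to MS17-010 differs per Windows build and is not given in this post, so the $Ms17010Kbs list holds a placeholder you must replace with the KB for your own systems.

```powershell
# Added example (not from the original post): audit a Windows host for the
# MS17-010 fix and for SMBv1 being enabled, the two things WannaCry relied on.
# Run in an elevated PowerShell prompt.

# ASSUMPTION: replace this placeholder with the MS17-010 KB number for your build
# (the KB differs between Windows 7, 8.1, 10, Server 2008 R2, 2012 and so on).
$Ms17010Kbs = @('KB_PLACEHOLDER_FOR_YOUR_BUILD')

function Test-Ms17010Installed {
    param([string[]]$KbIds = $Ms17010Kbs)
    # Get-HotFix lists installed updates by their KB identifier.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbIds) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Get-Smb1Enabled {
    # Windows 8 / Server 2012 and later expose the SMB server setting directly.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($null -ne $cfg) { return [bool]$cfg.EnableSMB1Protocol }

    # Older systems: the LanmanServer "SMB1" registry value controls the protocol;
    # when the value is absent, SMBv1 is on by default.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $val) { return $true }
    return ($val.SMB1 -ne 0)
}

function Disable-Smb1 {
    # Turn the SMBv1 server off (Windows 8 / Server 2012 and later) and remove the
    # optional feature on client editions that have it (Windows 8.1 / 10).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# Audit only; call Disable-Smb1 yourself once you have confirmed nothing on the
# network still depends on SMBv1.
$patched = Test-Ms17010Installed
$smb1On  = Get-Smb1Enabled
Write-Host "MS17-010 patch present : $patched"
Write-Host "SMBv1 enabled          : $smb1On"
if (-not $patched -or $smb1On) {
    Write-Warning 'Host is exposed to the SMB flaw WannaCry used: install MS17-010 and disable SMBv1.'
}
```

The script deliberately stops at reporting; disabling SMBv1 can break legacy devices such as old printers and NAS boxes, so confirm dependencies before running Disable-Smb1, and reboot afterwards for the feature removal to take full effect.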
And now the hardest part – assuming all your data is locked up and you didn’t back anything up beforehand, the only way to recover it is, well, to “negotiate with the hackers.” If you’re wondering whether formatting the drive and installing a fresh copy would help: no, it wouldn’t, because according to McAfee researchers, WannaCry deletes the so-called ‘Volume Shadow’ copies often needed to recover files. At the risk of sounding like a broken record, here’s another irony – ransomware hackers have always fulfilled their end of the deal, or at least that’s what history tells us. Ethical or not, that’s up for debate. But it does come down to how dear you hold that data.
Whether or not there is a 2.2 or a 3.0 version of WannaCry waiting in the figurative silos, this global incident has already left us with tons of questions, like:
- Did this “leak” come from an insider?
- Do the agencies stockpile vulnerabilities and weaknesses?
- What other weaknesses and vulnerabilities are agencies stockpiling?
- Can those vulnerabilities get leaked as well?
- Why didn’t people install the patch Microsoft released this March?
- What can happen if other vulnerabilities get leaked too?
- Can security experts keep up with hackers if new variants appear in the future?
Regardless of the theories and questions popping into everyone’s heads, one question stands out: if new cybersecurity policies can get government and companies to work closely together, will they be able to coordinate intelligence about vulnerabilities?