WannaCry

WannaCry is a ransomware worm that infected numerous computer networks worldwide in May 2017 and targeted Windows computers. The worm encrypts files on the computer’s hard drive, making them impossible for users to access. When this happens, the hackers demand a ransom payment of $300 in Bitcoin to decrypt them.

WannaCry also infected computer systems at the UK’s National Health Service by exploiting a vulnerability in Windows. The United States National Security Agency may have first discovered this weakness, and WannaCry is possibly linked to the Lazarus Group, a cyber crime organisation that may have connections to the North Korean Government.

The WannaCry ransomware consists of several components. It arrives on the infected computer as a dropper, a self-contained program that extracts the other application components embedded within itself. The programme code used by WannaCry was not complicated for cyber security professionals to analyse.

When it runs, WannaCry first tries to access a hard-coded URL known as the kill switch. If the URL can be reached, the program shuts down. If WannaCry cannot reach the URL, it proceeds to search for and encrypt files in a range of formats, from Microsoft Office files to MP3s and MKVs, leaving them inaccessible to the user. It then displays a ransom notice demanding Bitcoin to decrypt the data.
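A defender can use the kill-switch check described above for triage. The following added example (not from the original page) scans a constructed egress log for clients that requested the kill-switch host; the hostname is a placeholder because the page does not give the real one, and the log format and priority labels are assumptions.

```python
import re
from collections import defaultdict

# Placeholder: the page does not give the real kill-switch hostname.
KILL_SWITCH_HOST = "killswitch.placeholder.invalid"

# Constructed sample egress log: "<UTC time> <client> <requested host> <result>"
SAMPLE_LOG = """\
2017-05-12T08:01:13Z 10.0.4.21 killswitch.placeholder.invalid FAIL
2017-05-12T08:01:15Z 10.0.4.22 updates.placeholder.invalid OK
2017-05-12T08:02:40Z 10.0.7.9 killswitch.placeholder.invalid OK
2017-05-12T08:03:02Z 10.0.4.21 killswitch.placeholder.invalid FAIL
2017-05-12T08:05:47Z 10.0.7.9 KILLSWITCH.placeholder.invalid. FAIL
2017-05-12T08:06:10Z 10.0.9.3 killswitch.placeholder.invalid OK
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(OK|FAIL)$")


def normalize_host(host):
    # Lower-case and drop a trailing dot so FQDN variants compare equal.
    return host.lower().rstrip(".")


def triage(log_text, kill_switch=KILL_SWITCH_HOST):
    """Map each client that requested the kill-switch host to a priority.

    isolate-now: at least one attempt failed, the case in which the page
                 says file encryption follows.
    investigate: every attempt succeeded; the host still needs examining.
    """
    target = normalize_host(kill_switch)
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        _ts, client, host, result = m.groups()
        if normalize_host(host) == target:
            attempts[client].append(result)
    return {c: "isolate-now" if "FAIL" in r else "investigate"
            for c, r in attempts.items()}


if __name__ == "__main__":
    for client, priority in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{priority}")
```

Clients that never requested the kill-switch host, such as 10.0.4.22 in the sample, are left out of the result.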

However, new malware based on the same EternalBlue code as WannaCry has been detected. EternalBlue-based malware exploits the same Windows vulnerability; therefore, computer operating systems must be regularly updated with the latest security patches.

In addition to keeping operating systems updated, it is also important to have strong security measures, such as firewalls, anti-virus software, and intrusion detection systems. Regular backups of important data can also help mitigate the impact of a potential malware attack.
