WannaCry

WannaCry is a ransomware worm that infected numerous computer networks throughout the world in May 2017. It targeted Windows computers: the worm encrypts files on the computer hard drive, making them impossible for users to access. The hackers then demanded a ransom payment of $300 in Bitcoin to decrypt them. WannaCry also infected computer systems at the UK’s National Health Service by exploiting a Windows system vulnerability. This weakness may first have been discovered by the United States National Security Agency and is possibly linked to the Lazarus Group, a cyber crime organisation that may have connections to the North Korean Government.

The WannaCry ransomware consists of several components. It arrives on the infected computer in the form of a dropper, a self-contained program that then extracts the other application components embedded within itself. The programme code used by WannaCry was not complicated for cyber security professionals to analyse.

WannaCry tries to access a hard-coded URL known as the kill switch. If WannaCry cannot reach that URL, it carries on and encrypts files in a range of formats, from Microsoft Office files to MP3s and MKVs, leaving them inaccessible to the user, and then displays a ransom notice demanding Bitcoin to decrypt the data.

New malware based on the same EternalBlue code as WannaCry has since been detected. EternalBlue-based malware exploits the same Windows vulnerability; computer operating systems therefore need to be regularly updated with more advanced software.
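
The kill-switch behaviour described above gives responders a triage signal: a host that looked up the kill-switch name is infected, and a host whose lookup failed is the one where encryption went ahead. The following is an added example, not code from the original page; the domain is a placeholder (the page does not give the real URL), the DNS log format and sample lines are constructed, and treating DNS resolution as a stand-in for reaching the URL is an assumption.

```python
import re
from collections import defaultdict

# Placeholder, NOT the real indicator: the page does not give the kill-switch URL.
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"

# Constructed sample log, assumed format: "<timestamp> <client-ip> <name> <rcode>"
SAMPLE_DNS_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 www.example.com NOERROR
2017-05-12T09:14:05Z 10.0.4.17 killswitch.example.invalid NOERROR
2017-05-12T09:15:40Z 10.0.7.33 KillSwitch.Example.Invalid. NXDOMAIN
2017-05-12T09:15:41Z 10.0.7.33 killswitch.example.invalid NXDOMAIN
2017-05-12T09:16:10Z 10.0.9.2 notkillswitch.example.invalid NOERROR
2017-05-12T09:17:00Z 10.0.5.8 killswitch.example.invalid SERVFAIL
2017-05-12T09:17:30Z 10.0.5.8 killswitch.example.invalid NOERROR
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([A-Z]+)$")


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the kill-switch name to a triage state.

    'lookup_failed'   : at least one lookup failed, so at least one run of the
                        check could not pass; treat files as encrypted.
    'lookup_resolved' : every lookup succeeded; the host is still infected,
                        but the kill switch may have stopped the payload.
    """
    wanted = domain.lower().rstrip(".")
    outcomes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        _ts, client, qname, rcode = m.groups()
        # Exact match after normalising case and the trailing root dot.
        if qname.lower().rstrip(".") == wanted:
            outcomes[client].add(rcode)
    return {
        client: "lookup_resolved" if rcodes == {"NOERROR"} else "lookup_failed"
        for client, rcodes in outcomes.items()
    }


if __name__ == "__main__":
    for host, state in sorted(triage(SAMPLE_DNS_LOG).items()):
        print(host, state)
```

Hosts in either state need isolation and rebuilding; the state only orders the work, with `lookup_failed` hosts first.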