Ransomware itself is not a surprise, but this one surprised the entire IT industry, mainly because of how fast it spread. WannaCry started on Friday, 12 May 2017, and according to early reports over 200,000 computers were infected across 99 countries. The UK health sector was severely affected.
Just like any other ransomware, WannaCry encrypts the victim's files and asks for money in exchange for the decryption key. Paying works for some ransomware families some of the time, but not always, and so far there is no evidence either way on whether paying the WannaCry ransom actually gets files back.
WannaCry uses a Windows SMB v1 vulnerability to spread within the network, and it acts as a worm, which means it spreads on its own with no user interaction. That is what makes WannaCry so dangerous in terms of spreading, and of course many organizations either do not patch Windows regularly or do not upgrade unsupported versions. For example, the UK health sector was still running Windows XP boxes.
It is interesting, and also a little funny, to talk about the Windows SMB vulnerability, simply because the NSA is the one who developed the exploit for it and called it EternalBlue. Unfortunately the NSA got hacked by a group called "The Shadow Brokers", and a set of exploits including EternalBlue was leaked. However, Microsoft had already released a patch for the SMB v1 vulnerability in March (security bulletin MS17-010), and users can also disable SMB v1 entirely to protect themselves from WannaCry.
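As an added example (not part of the original post), here is what "check for the patch and disable SMB v1" looks like on a Windows host, written in PowerShell for an elevated prompt on PowerShell 3.0 or later. The KB numbers are the original March 2017 MS17-010 releases for Windows 7/8.1 and the out-of-band May 2017 release for XP/2003/Vista/8; Windows 10 got the fix through its cumulative updates instead, and later monthly rollups supersede all of these, so a host can be fully patched without any of these IDs showing up in Get-HotFix. Treat a negative result as "go and verify the build", not as proof the host is unpatched.

```powershell
# Added example (not from the original post): check a Windows host for the
# MS17-010 patch and turn off SMBv1 so that EternalBlue-style worm traffic
# has nothing to talk to. Run from an elevated PowerShell 3.0+ prompt.
# Assumption: the KB IDs below are the original MS17-010 releases; newer
# cumulative updates supersede them, so absence here is not proof of
# an unpatched host.

$ms17010Kbs = @(
    'KB4012598',  # Windows XP / Server 2003 / Vista / 8 (out-of-band, May 2017)
    'KB4012212',  # Windows 7 / Server 2008 R2 security-only
    'KB4012215',  # Windows 7 / Server 2008 R2 monthly rollup
    'KB4012213',  # Windows 8.1 / Server 2012 R2 security-only
    'KB4012216'   # Windows 8.1 / Server 2012 R2 monthly rollup
)

function Test-Ms17010Installed {
    $installed = Get-HotFix | Where-Object { $ms17010Kbs -contains $_.HotFixID }
    if ($installed) {
        Write-Host "MS17-010 found: $($installed.HotFixID -join ', ')"
        return $true
    }
    Write-Warning 'None of the original MS17-010 KBs are listed; confirm the host is on a rollup newer than March 2017 before calling it patched.'
    return $false
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the server-side switch directly.
        # EternalBlue hits the SMB *server*, so this is the part that matters.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Where SMB1 is an optional feature (Windows 8.1 / 10), remove it entirely.
        if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction SilentlyContinue | Out-Null
        }
    } else {
        # Windows 7 / Server 2008 R2: the same switch lives in the registry
        # (documented in Microsoft KB2696547). Takes effect after a reboot.
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWord -Value 0 -Force
    }

    # Belt and braces: refuse unsolicited SMB from the network regardless of
    # protocol version, which is what stops worm propagation in the first place.
    if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
        New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    } else {
        netsh advfirewall firewall add rule name="Block inbound SMB (TCP 445)" dir=in action=block protocol=TCP localport=445 | Out-Null
    }
}

function Get-Smb1State {
    # Returns $true/1 if SMB1 is still enabled on the server side, $false/0 if not.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $reg = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -ErrorAction SilentlyContinue
    if ($null -eq $reg.SMB1) { return $true }   # value absent means the default (enabled)
    return [bool]$reg.SMB1
}

Test-Ms17010Installed | Out-Null
Disable-Smb1
Write-Host "SMB1 enabled after change: $(Get-Smb1State)"
```

The firewall rule blocks inbound 445 even from the local network, which is exactly the path WannaCry uses to hop between machines; on a file server that needs to serve SMB, scope the rule to untrusted subnets instead of dropping it, and still disable SMB1 so only SMB2/3 is exposed.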
The interesting question here is why the NSA developed these exploits and kept them to itself. Also, after the exploits were stolen, the NSA did not inform Microsoft about the vulnerabilities. It is really disappointing, because according to the name it is about national security, but in reality they behave like any other hacking group. In a way it proves that government-sponsored hacking organizations exist, and then who is going to save us? Almighty God, or other hacking groups?