A unique strain of ransomware known as “WannaCry” (also “Wanna DeCryptor” or “wcry”) has infected more than 300,000 vulnerable systems globally, across 150 countries, since Friday, 12 May 2017.
WannaCry installs DoublePulsar – a backdoor that allows the device to be remotely controlled. The malware freezes the infected device and pops up a red screen with the message, “Oops, your files have been encrypted!” It then demands a ransom payment in Bitcoin (equivalent to $300-$600) and subsequently destroys the encrypted files if payment is not made.
To give a sense of the consequences of the WannaCry ransomware attack, Chinese state media says about 29,372 institutions were infected, along with hundreds of thousands of devices. In Japan, 2,000 computers at 600 locations were reportedly affected.
The “WannaCry” ransomware attack also denied access to confidential patient information and stalled x-rays, surgeries and other critical healthcare services in at least 47 hospitals under the auspices of the United Kingdom’s National Health Service (NHS). The list goes on. Envisage a Stuxnet cyberattack on a vulnerable nuclear warhead or submarine. Tragedy!
What Is Ransomware?
The term ransomware is coined from the age-old word “ransom”: money demanded for the return of a captured person or something valuable. Ransomware is malicious software remotely deployed by cybercriminals or cyber-extortionists to encrypt valuable digital information, or hold it ‘hostage’, until a ransom is paid.
Who Was Responsible For WannaCry Ransomware?
Ransomware and cyberattacks could be propagated by nation states (cyberwarfare, cyberterrorism), or by cybercriminals who render ‘ransomware-as-a-service’ (RaaS), offering tools or charging clients a fee to help them disseminate ransomware.
Preliminary technical clues and coding similarities connect the WannaCry ransomware cyberattack to the Lazarus Hacking Group, a North Korean cyber outfit previously blamed for the cyberattack on, and theft of $81 million from, a Bangladesh bank in 2016, and for attacks on Polish banks in February 2017.
It is widely accepted that the masterminds of the “WannaCry” ransomware gained access to systems powered by Microsoft Windows by exploiting the ‘Eternal Blue Hacking Weapon’, which was created by the United States’ National Security Agency (NSA) and then stolen and dumped online by the “Shadow Brokers” hacking group.
Why Ransomware, Cyberattacks Will Persist
The proliferation of ransomware and cyberattacks is not surprising to tech-savvy minds, because Kaspersky Lab’s IT Threat Evolution Q1 2016 report envisioned ransomware emerging as the biggest cybersecurity threat.
Similarly, the United States Securities and Exchange Commission (SEC) warned in 2016 that the biggest risk the financial system faces is cybersecurity. A cybersecurity special report suggests that ransomware will worsen due to the increasing penetration of, and inherent vulnerabilities in, the Internet of Things (IoT), medical devices, web cameras, IP phones, Internet Protocol (IP) CCTV cameras, DVRs, SmartHouses or SmartCities, wearables such as SmartWatches, public Wi-Fi, and the proliferation of mobile apps with malicious code, amongst others.
The good news is that there are ways around ransomware and cyberattacks. As we know, prevention is better and cheaper than cure.
Modus Operandi of WannaCry Ransomware
Attackers can distribute ransomware via email attachments, exploit kits and botnets. The WannaCry ransomware attack essentially exploits a notorious vulnerability in the Microsoft Windows operating system to spread and infect machines.
Solution To Ransomware, Cyberattacks
F-Secure, a Finnish cyber security and privacy company based in Helsinki, Finland, recommends a four-phase approach to cybersecurity: Predict, Prevent, Detect, and Respond. Predict by performing an exposure analysis; prevent by deploying a defensive solution to reduce the attack surface; detect by monitoring infrastructure for signs of intrusion or suspicious behaviour; and respond by determining how a breach happened and what impact it had on systems. Let’s further elaborate on how to prevent ransomware and cyberattacks.
It is encouraging that Nigeria’s National Information Technology Development Agency (NITDA) has asked Nigerians to contact its Computer Emergency Readiness and Response Team (CERRT) for assistance regarding ransomware and cyberattacks. CERRT can be reached via telephone on +2348023275039 or e-mail: email@example.com. Given the proliferation of ransomware and cyberattacks, and given the fact that cybersecurity is constantly evolving, it is incumbent on the Nigerian government and relevant agencies to formulate and implement an up-to-date national cybersecurity policy that is fit for purpose. Ongoing public awareness of cybersecurity issues and best practices will be of help.
Written by: © Don Okereke
(Security Junkie/Analyst/Consultant, Writer)
CEO Holistic Security Background Checks Limited (RC 1407617)
Follow me on Twitter: @donokereke