If you’ve been following recent happenings in
the technology world, you must have come across this. You must have heard about
some "virus" that attacked and disabled health systems in the UK, leaving
thousands of patients stuck in limbo.
Running under the name "WanaCrypt0r" or
WannaCry, the ransomware demanded that users pay $300 worth of the cryptocurrency
Bitcoin to retrieve their files, and it warned that the “payment would be
raised” after a certain amount of time.
The orchestrators of this malware were creative
enough to craft translations of this ransom message in at least 28 languages.
Ransomware, for the uninitiated, is a type of
malicious software that carries out the cryptoviral extortion attack from
cryptovirology, blocking access to data until a ransom is paid.
It displays a message requesting payment before the
data can be unlocked. Simple ransomware may lock the system in a manner that is not
difficult for a knowledgeable person to reverse (Wikipedia).
Around the globe, WannaCry continued to wreak havoc
on many systems, harvesting an estimated hundreds of thousands of dollars in the
process.
This was until one security expert inadvertently
stopped the malware in its tracks. The tech world’s latest hero, a 22-year-old
reclusive security specialist who chooses to hide behind his tech blog –
Malware Tech – works as a security researcher at Los Angeles-based Kryptos Logic.
Malware Tech studied the malware’s behavior and
noticed that as soon as it installed itself on a new machine, it tried to send
a message to an unregistered Internet address, or domain name.
The malware contained code
that pinged an unregistered web address, and if it didn't
get back a message saying the address didn't exist,
it would turn itself off.
The bulk of his work was done as soon as he had
identified this. His next step was to register the domain and see what would
follow. Little did he know that by doing so, he had inadvertently stopped what
is believed to be one of the world’s biggest cyber-attacks in recent times.
Computers that were already infected with the ransomware weren't protected, but the ransomware stopped spreading except in isolated systems, said Craig Williams, a senior technical leader at American security company Cisco Talos.
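A defender can use the same kill-switch check to find affected machines, because every lookup of that address in a DNS resolver log points at a host that ran the malware. The sketch below is an added example, not code from Malware Tech or Kryptos Logic: it sorts hosts into those where the check got an answer (malware halted) and those where it did not (malware free to continue). The domain is a placeholder because the page does not name the real one, the log format and sample lines are constructed, and a successful DNS answer is assumed to mean the address was reachable.

```python
from collections import defaultdict

# Placeholder: the page does not name the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample; assumed line format: "<time> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 www.example.org. NOERROR
2017-05-12T09:14:05Z 10.0.4.17 killswitch-placeholder.example. NXDOMAIN
2017-05-13T16:40:11Z 10.0.4.23 KillSwitch-Placeholder.example. NOERROR
2017-05-13T16:41:30Z 10.0.9.8 killswitch-placeholder.example. SERVFAIL
2017-05-13T16:45:00Z 10.0.4.17 killswitch-placeholder.example. NOERROR
malformed line without enough fields
2017-05-13T17:02:44Z 10.0.7.5 notkillswitch-placeholder.example. NOERROR
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: 'halted' | 'at_risk'} for hosts that queried domain.

    Any lookup marks the host as likely infected. If every lookup from a host
    was answered (NOERROR), the address existed each time the malware checked,
    so it would have turned itself off: 'halted'. If any lookup failed
    (NXDOMAIN before the domain was registered, SERVFAIL on an isolated or
    filtered network), the malware was free to run at least once: 'at_risk'.
    """
    want = domain.lower().rstrip(".")
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _time, client, qname, rcode = parts
        # DNS names are case-insensitive; match the exact name only,
        # so look-alike names that merely end with the domain are ignored.
        if qname.lower().rstrip(".") == want:
            seen[client].append(rcode.upper())
    return {
        client: "halted" if all(r == "NOERROR" for r in rcodes) else "at_risk"
        for client, rcodes in seen.items()
    }


if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{status}")
```

Both groups need cleanup and patching; the `at_risk` hosts are the ones to isolate and check for encrypted files first.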
Are we out of the woods yet?
Not yet, Malware Tech warns. “This is not over. The
attackers will realize how we stopped it. They’ll change the code and then
they’ll start again. Enable Windows Update, update and then reboot,” he adds.
Obviously the guys that did the first code aren’t -
in Ugandan speak - “sleeping”. One slight modification of the code and the
world’s rear will be on fire again.
The folks at Microsoft certainly foresaw this when
they released a security patch a couple of months back – March 14, 2017, to be
exact – though computers that have not installed the security update remain
vulnerable.
I had stubbornly procrastinated patching my Windows (because I was trying to avoid the several restarts that
come with these), but I have finally been cornered after the VPNs I use got
locked until I have the required fixes in place.
Is your system patched and protected?