Monday, May 15, 2017

Tech | Ransomware: Technology’s most devastating cyber-attack, and one man’s accidental break

If you’ve been following recent happenings in the technology world, you must have come across this. You must have heard about some "virus" that attacked and disabled health systems in the UK, leaving thousands of patients stuck in limbo.

Running under the name "WanaCrypt0r" or WannaCry, the ransomware demanded that users pay $300 worth of the cryptocurrency Bitcoin to retrieve their files, though it warned that the “payment would be raised” after a certain amount of time.

The orchestrators of this malware were creative enough to craft translations of this ransom message in at least 28 languages.

Ransomware, for the uninitiated, is a type of malicious software that carries out a cryptoviral extortion attack: it blocks access to data until a ransom is paid.

It displays a message requesting payment before it can be unlocked. Simple ransomware may lock the system in a manner that is not difficult for a knowledgeable person to reverse (Wikipedia).

Around the globe, WannaCry continued to wreak havoc in many a system, harvesting an estimated hundreds of thousands of dollars in the process.

This was until one security expert inadvertently stopped the malware in its tracks. The tech world’s latest hero, a 22-year-old reclusive security specialist who chooses to hide behind his tech blog – Malware Tech – works as a security researcher at Los Angeles-based Kryptos Logic.

Malware Tech studied the malware’s behavior and noticed that as soon as it installed itself on a new machine, it tried to send a message to an unregistered Internet address, or domain name.

The malware contained code that pinged an unregistered web address, and if it didn't get back a message saying the address didn't exist, it would turn itself off.

The bulk of his work was done as soon as he had identified this. His next step was to register the domain and see what would follow. Little did he know that by doing so, he had inadvertently stopped what is believed to be one of the world’s biggest cyber-attacks in recent times.

Computers that were already infected with the ransomware weren't protected but the ransomware stopped spreading except in isolated systems, said Craig Williams, a senior technical leader at American security company Cisco Talos.
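A defender can use the same behavior to find machines that ran the malware: every infected host looks up the kill-switch address, and a host whose lookup failed did not turn itself off. The script below is an added example, not code from this post or from Malware Tech; the domain is a placeholder, the log format and sample lines are constructed, and a successful DNS answer is assumed to stand in for the address being reachable.

```python
# Added example: triage DNS resolver logs for lookups of a kill-switch domain.
# Placeholder name: the page does not give the real domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed log lines: "<timestamp> <client_ip> <query_name> <rcode>"
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 www.example.org NOERROR
2017-05-12T09:14:05Z 10.0.4.17 killswitch-placeholder.example NXDOMAIN
2017-05-12T15:40:11Z 10.0.7.90 KillSwitch-Placeholder.example. NOERROR
2017-05-12T15:41:30Z 10.0.9.3 killswitch-placeholder.example SERVFAIL
2017-05-12T16:02:44Z 10.0.4.17 killswitch-placeholder.example NOERROR
malformed line
2017-05-12T16:05:00Z 10.0.8.8 notkillswitch-placeholder.example NOERROR
"""

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up `domain` to its lookup outcomes."""
    wanted = normalize(domain)
    hosts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:              # skip malformed lines
            continue
        ts, client, qname, rcode = parts
        if normalize(qname) != wanted:   # exact match, not substring
            continue
        rec = hosts.setdefault(client, {"first_seen": ts, "answered": 0, "unanswered": 0})
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["answered" if rcode.upper() == "NOERROR" else "unanswered"] += 1
    return hosts

def priority(rec):
    """Every listed host ran the sample; a failed lookup means it did not switch off."""
    return "high" if rec["unanswered"] else "answered-only"

def report(hosts):
    """Client IPs with failed-lookup (still active) machines first, then by first_seen."""
    return sorted(hosts, key=lambda ip: (priority(hosts[ip]) != "high", hosts[ip]["first_seen"]))

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for ip in report(found):
        print(ip, priority(found[ip]), found[ip])
```

Hosts in the "answered-only" group still executed the malware and need cleanup; the ordering only reflects which machines kept running without the kill switch.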

Are we out of the woods yet?

Not yet, Malware Tech warns. “This is not over. The attackers will realize how we stopped it. They’ll change the code and then they’ll start again. Enable Windows Update, update and then reboot,” he adds.

Obviously the guys that did the first code aren’t - in Ugandan speak - “sleeping”. One slight modification of the code and the world’s rear will be on fire again.

The folks at Microsoft certainly foresaw this when they released a security patch a couple of months back – March 14, 2017 – to be exact, though computers that have not installed the security update remain vulnerable.

I had stubbornly procrastinated patching my Windows (because I was trying to avoid the several restarts that come with these), but I have finally been cornered after the VPNs I use got locked until I have the required fixes in place.

Is your system patched and protected? 