A week ago, the internet went into an absolute panic over a new virus laying siege to thousands of computers across the world – WannaCrypt, often shortened to WannaCry. This combination of file-encrypting ransomware and self-propagating worm wreaked havoc in many businesses during those initial days. Seemingly as soon as it had started, however, it began to decline, due to a combination of patches released by Microsoft to stop the worm element of it and added security precautions taken by system administrators in response to this threat.
At this stage, things really have died down heavily, and virtually all of the initial panic has subsided. Interestingly, I still am not aware of much of anyone not inside of a business getting attacked, making me think the malware was directly targeted at businesses as a whole, and not the average consumer – isolated hits happened, certainly, but they seem rare compared to the corporate attacks.
This, of course, makes sense, since a corporate computer getting hit would very quickly spread its deadly payload to all machines on that network, and the entire drive of the malware was to get money from people, namely companies, wanting their files decrypted.
We’re even at a stage where decryption tools are being developed to mitigate the issue entirely, and while these tools are only really functional in special cases, they do seem to be working to at least some usable degree (or so my understanding goes).
The WanaKiwi decryption tool has been proven to decrypt WannaCry-encrypted files, with some important restrictions. https://t.co/wFYWwdDlpN
— Mikko Hypponen (@mikko) May 19, 2017
Still, even though this attack is starting to fade away (we can hope, anyway), it was designed with tools reportedly produced by the NSA: EternalBlue and DoublePulsar. EternalBlue is the exploit used in the worm portion of the attack, and DoublePulsar is a very dangerous backdoor agent that allows remote code execution – basically, someone who has access to such an infected system could run whatever they want, including, you guessed it, more ransomware, leaving thousands of systems possibly vulnerable at the moment.
I won’t downplay the long-term risks associated with this attack, and what it represents, but at the same time, it looks like, for now, WannaCrypt is dying down and hopefully will eventually be relegated to history, much as Code Red and Nimda have been.
Still, keep yourself protected, update your systems regularly, and pay attention to the security scene so you know what’s coming and can, hopefully, protect yourself and your systems.