Posted on May 16, 2017 at 12:00 PM
Last Friday marked the start of the biggest and most damaging cyberattack in the history of the Internet. More than 150 countries were hit, and more than 300,000 devices have been infected so far. The victims include many different companies, as well as universities, hospitals, manufacturers, and even government agencies. The list keeps growing, despite rising awareness of the attack.
Researchers say that the initial infection could have come from an advanced phishing attack that then escalated to worldwide proportions. Basically, the ransomware enters the system, encrypts the users’ data, and demands $300 in Bitcoin in exchange for access to the files. This was possible because of a very big flaw found in the Microsoft Windows system. The flaw was fixed within a couple of hours of its discovery, but unfortunately, it seems that a lot of users didn’t download the fix. Experts claim that patched systems could resist the attack.
The attack worked fast and quickly spread across the world. It hit global companies like FedEx and Nissan, Chinese colleges and gas stations, the Japanese electronics firm Hitachi, and Germany’s railway company. It also had a major impact in Russia, where it hit the Russian Central Bank, the railways, the Interior Ministry (less than 1% of computers, as they claim), and even the telecommunications company Megafon. Spain’s telecom company Telefónica was also hit, while the UK had a major problem in its National Health Service after at least sixteen of its organizations were hit in the first several hours of the attack. By Sunday, when the attack started to slow down, 25% of Indian state police had been hit, and even the US Department of Homeland Security. Many other countries were hit as well.
The attack mobilized many of those who know how to deal with malware, including hackers. There were reports of a Chinese hacker trying to take control of the malware. Then there’s the security researcher who called himself MalwareTech and was later revealed to be Marcus Hutchins (22), who managed to find WannaCry’s kill switch. He accidentally discovered that activating a certain web domain can disable the malware, and was hailed as an ‘accidental hero’.
Despite this, half the world was in fear once Monday morning came, and everyone expected that the number of victims would rise when workers turned on their computers. Although several more cases became known, the majority of computers were left untouched, and the ransomware simply failed to strike anew. Round two never came, and everyone breathed a sigh of relief. Experts say this is because the operation became too big, and the hackers, who only wished to make money, became too famous and too successful. They ended up all over the news, and there will be no shortage of investigations into the attack, which is why they decided to retreat.
Some believe they have found a link between the attack and North Korea’s Lazarus Group. Both Symantec and Kaspersky stated on Monday that several technical details of WannaCry are similar to code found after attacks carried out by Lazarus Group, which is known for using Bitcoin and mainly for trying to find ways to steal money via the internet. Of course, the same type of code doesn’t necessarily mean that the same group is responsible, but the disappearance of the code in later versions of the ransomware indicates that this might be true.
This is still not completely confirmed, and for now, it’s best to leave it to the researchers to discover who’s responsible. Everyone else is advised to update Windows as soon as possible if they haven’t done so already. Fortunately, the worst seems to have passed, but it’s always better to be sure. All that can be said with certainty is that this attack has done major damage across the globe, which will take some time to repair.