Posted on

WannaCry? – A Mysterious Ransomware Cyberattack – Shook the Digital world


The recent WannaCry ransomware has so far affected more than 150 countries worldwide, along with many small businesses, some major businesses were not able to protect themselves from the cyberattack, which include FedEx, Renault and Britain’s National Health Service.

What’s ransomware?

For most us this sounds a bit new terminology, Ransomware is a kind of malicious software that takes a computer hostage and holds it for ransom. With ransomware attacks, the malware locks down a target machine, encrypting its data and preventing the owner from accessing it until he or she agrees to pay up.

The Impact

According to some official figures some 200,000 computers have been hit by the cyberattack. But the number seems to be increasing more in Asian countries including China, India & Singapore.

Hitachi a famous electronics brand announced that recently they have also been attacked by the attack on Monday, 15th May. In China alone, nearly 40,000 thousand businesses and institutions have become victim of cyberattack, including universities, gas stations and many other metropolitan services.

And that’s just a measure of the electronic consequences of WannaCry. The software attack has taken a toll on many people in the real world. Health care providers in Britain’s NHS, for example, were forced to turn ambulances away and cancel or delay cancer treatments for patients over the weekend, though officials say 80 percent of the NHS’s systems were unaffected and that the disruption is easing.


What exactly does WannaCry do?

RansomWare like WannaCry works by encrypting most or even all of the files on a user’s computer. Then, the software demands that a ransom be paid in order to have the files decrypted. In the case of WannaCry specifically, the software demands that the victim pays a ransom of $300 in bitcoins at the time of infection. If the user doesn’t pay the ransom within three days, the amount doubles to $600. After seven days without payment, WannaCry will delete all of the encrypted files and all data will be lost.

For more details on bitcoin, please read : What is bitcoin?

Is it all over ?

Sadly the answer as of now is No. WannaCry was first discovered on Friday, May 12th, and it had spread worldwide at an exponential pace. European countries were hit the hardest, and business grounded to a halt at several large companies and organizations, including banks, hospitals, and government agencies.

A 22 year old security research scientist named Marcus Hutchins tried to slow down the spread of virus and was successfully able to slow down the progress of virus spread,
Unfortunately, the spread of WannaCry wasn’t actually stopped, but instead slowed.

For more details on this , please read : How to Accidentally Stop a Global Cyber Attacks

Are victims paying the ransom?

Some are. The news site Quartz has set up a Twitter bot to track the bitcoin wallets linked to the attack, which are growing fatter by the minute.

How to protect yourself from WannaCry?

Windows XP an old aged operating for which even Microsoft stopped support back in 2014, is the main target for this virus however there is no guarantee that it would not attack any other operating system, irrespective of which operating system you run, you should install all possible security updates available. Windows XP users should take extra care, on Friday, 12 May, Microsoft released security patch for Windows’ users.


What If my computer is infected with WannaCry?

If you have been hit, you are only left with two options, either pay ransom or get your system a clean format, there is no confirmed fix for WannaCry available at this time. Antivirus giants and cybersecurity experts are making every effort to find the ways to decrypt files on infected computers.

Hopefully affected users have backups of their data available, because the only other option right now that is known to work is to follow the instructions offered in the software to pay the ransom.

Who’s behind the scene?

Cybersecurity analysts have discovered links connecting the WannaCry ransomware to the Lazarus Group—a cyber crime syndicate with suspected links to the North Korean government. The WannaCry ransomware has some mysterious ties to North Korea

Lazarus is an advanced persistent threat group behind some of the most debilitating cyberattacks of the last decade. Reportedly operating under control of the North Korean government, Lazarus has been directly or indirectly responsible for the Sony Wiper attack, the Bangladesh bank heist, and the DarkSeoul operation, besides several other cybercrimes. Operation Blockbuster—an alliance of key IT security firms working to combat multiple cyberespionage campaigns—had earlier discovered that Lazarus operates as a ‘malware factory’ that produces new samples of malicious code through independent entities.

Note: This is an ongoing write-up and will be updated accordingly.