For people in both the public and private sector, cyber-attack has become a potentially life-altering and seemingly unstoppable threat that is beginning to define our everyday lives.
In a few hours, 200,000 machines were infected. Big organizations were struck and crippled by the attack.
Ransomware has been a growing trend for the past two years, and this is just a culmination, a grand reveal to the wider world of just how big of a threat it is.
This variant of ransomware is a type of malware that exploits backdoors in operating systems with no user interaction needed to spread. It is also the first ransomware worm seen in the wild and works by:
- Encrypting 176 different file types, adding .WCRY as an extension
- Displaying a pop-up message stating, “Oops, your files have been encrypted”
- Demanding a $300 Bitcoin ransom that doubles after three days
- Deleting the user’s files if the ransom is not paid in 7 days
Unfortunately, we also learned that:
- Decrypting ransomed files was not possible.
- Paying ransom did not guarantee files would be decrypted or left unharmed by a hidden future threat.
History of ransomware
The first ransomware takes us back to 1989 (that’s 27 years ago). It was called the AIDS Trojan, whose modus operandi seems crude nowadays. It spread via floppy disks and involved sending $189 to a post office box in Panama to pay the ransom.
How times have changed!
The appearance of Bitcoin and the evolution of encryption algorithms helped turn ransomware from a minor threat used in cyber vandalism into a full-fledged money-making machine.
The WannaCry attack is a perfect example of this, since it used a widespread Windows vulnerability to infect a computer with basically no user interaction.
That’s why each new variant is a bit different from its forerunner. Malware creators incorporate new evasion tactics and pack their “product” with piercing exploit kits, pre-coded software vulnerabilities to target and more.
Ransomware brought extortion to a global scale, and it’s up to all of us, users, business-owners and decision-makers, to disrupt it.
- Creating malware or ransomware threats is now a business and it should be treated as such;
- The present threat landscape is dominated by well-defined and well-funded groups that employ advanced technical tools and social engineering skills to access computer systems and networks;
- Even more, cyber-criminal groups are hired by large states to target not only financial objectives, but political and strategic interests.
We also know that we’re not powerless and there are a handful of simple things we can do to avoid ransomware.
Stay safe and don’t forget the best protection is always a lot of common sense and keeping offline backups in addition to the online ones!