Ransomware Global Strike: The “WannaCry” Attack

 

 

In the height of the westward expansion into California, the “Wild West” became not only a place, but a term that described an entire cultural phenomenon. What made the west so wild were the apparent lawless territories that saw hostile takeovers, train and carriage robberies, kidnapping, and ransoming. Over time the west was settled and developed into new states with their own laws and regulations. The wild part of the west was no longer a threat, at least in the physical world. Today we have a new and almost lawless place, however this territory only exists online. Though there are plenty of companies and programs that work 24/7 to ensure safety online, there are still opportunities for malicious attacks to be carried out. The robberies and takeovers that plagued the westward expansion have now become digital.

A typical scam that you will see online is the email phishing that we talked about in a previous blog. These scams can be easy to avoid as long as the recipient is not engaging with the email or providing any personal information. Unfortunately that does not always protect online users from being attacked for their information. Ransomware has become a bigger threat that is hard to trace and causes an incredible amount of damage. Essentially it is software that takes all of a victim’s personal files and information and holds it for a ransom that must be paid. Recently a large ransomware attack has become global news, with at least 150 countries experiencing the same attack. The most affected victims were the small businesses, universities, and hospitals that were unable to protect themselves and had to either pay the ransom or risk losing all of their data (CNN Money). Reports from China, Germany, Japan, Russia, the US, and Spain confirmed that there had been attacks from the same ransomware and that they had taken the necessary precautions to try and stop its spreading.

Through a patch in the Microsoft Windows software, the ransomware “WannaCrypt” was able to target specific users and take over their systems. Ransomware works as a lock box for your data, keeping you from accessing any of your files or personal information unless you agree to the terms and conditions set up by the creator. Victims were told to use Bitcoin to pay for the return of their files (Microsoft). Many of the Windows users who were targeted were not using an updated, or a licensed version of this software making them even more vulnerable to patches that could not be fixed in the Microsoft updates. In the wake of this viral attack, Microsoft released a statement outlining the efforts they were making to avoid these attacks in the future. However, they also called on the public to become more aware of their own responsibility in updating their computers and backing up their information with an external drive and cloud software. Proactive actions are the key to being safe online. This idea of being proactive is also what stopped the ransomware attack from continuing to spread. A young cybersecurity student in the UK decided to look more closely at the software behind the attack and discovered a kill switch. The malware was using “a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading” (The Guardian). Once the student located the domain name, all he had to do was buy it. The domain cost $10.69 and was immediately registering thousands of connections every second; once it was purchased the malware was stopped in its tracks. Additionally once this domain was bought he was able to determine the IP addresses attached to the malware and reported them to the authorities. Though this was a great victory, in the world of Cybersecurity it is just a temporary fix. There are just as many entities creating malware as there are cybersecurity experts trying to stop them. What makes this malware attack so dangerous is that it can be replicated and reused at any time.

Backing up files, or storing information in the Cloud, and regularly updating your software are the best measures you can take to protect yourself from ransomware. As we mentioned in a previous blog on email phishing, it is imperative that you avoid any email from a company or bank that is asking for your personal information via email.

If you are interested in becoming a cybersecurity expert yourself, consider a degree from Coleman University. Perhaps it could be you that stops the next big cyber-attack in its tracks! Call (858) 499-0202 for information on our technology focused programs.