A Review on the “WannaCry Ransomware” attack that took place on 12th May, 2017
Dr. Sunil Kr. Pandey
TEDx Speaker, Director (IT & UG) @I.T.S Ghaziabad, Global CIO 200 Award at Dubai & Bangkok, Dataquest Technology Leader Award 2023, Next100 CIO Award-2017, Next CSO-2018, Change Agent Award Winner, CISO Platform Award
Dr. Sunil Kr Pandey, Director (IT), I.T.S, Ghaziabad
On 12th May, 2017 a ransomware attack named “WannaCry”, one of the largest ever cyber attacks, was reported, infecting 19 trusts of the NHS (National Health Service) in the UK at 19 different locations, and infecting computers in many other countries including Spain, Russia, the US, India, Ukraine and others. It was reported that on day 1 itself it infected about 1,26,000 to 2,00,000 machines (figures mentioned in different research reports from different countries), and that by day 2 it had reached 104 countries, though it is now slowing down. Analysis and study of the incident reveals that it was not a targeted attack; rather it was an anonymous attack sent out as an email attachment carrying malicious content, waiting for prospective users to open these emails and attachments, especially on Windows-based machines. Whenever a user in a particular network opens the email attachment, the malicious code first lands on that machine and the machine becomes infected. The actual damage starts from there, when this code spreads across the Windows network without any Windows authentication.
In these attacks, data is encrypted and the extension “.WCRY” is added to the filenames. Many cyber security agencies and experts have started addressing this issue on a war footing. In one such study, Kaspersky Lab indicates that the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution vulnerability in Microsoft Windows. This exploit (codenamed “EternalBlue”) was made available on the internet through the Shadowbrokers dump on April 14th, 2017 and had already been patched by Microsoft on March 14. Unfortunately, it appears that many organizations have not yet installed the patch.
As of Saturday, no hacker or hacker group had come forward to claim responsibility for the cyber attack; however, as per the news agency Reuters, the ransomware, dubbed Wanna Cry, demanded payments of between $300 (around Rs 19,000) and $600 (around Rs 39,000) in bitcoin to unlock the data on a single system.
I was a part of the CISO Platform Decision Summit held on 12th & 13th May, 2017, where various experts and cyber security researchers spoke on this issue, and there was consensus that the impact of this attack could have been avoided or reduced to a significant extent if the proper patches provided by vendors and other security agencies had been applied, and proper security provisions had been followed and implemented.
The file extensions that the malware targets fall into certain clusters of formats, including:
1. Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
2. Less common and nation-specific office formats (.sxw, .odt, .hwp).
3. Archives and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
4. Emails and email databases (.eml, .msg, .ost, .pst, .edb).
5. Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
6. Developers’ source code and project files (.php, .java, .cpp, .pas, .asm).
7. Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
8. Graphic designers’, artists’ and photographers’ files (.vsd, .odg, .raw, .nef, .svg, .psd).
9. Virtual machine files (.vmx, .vmdk, .vdi).
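As an added illustration (not code from the original article), the following triage helper shows how a responder can use the two facts above, the appended “.WCRY” extension and the targeted extension clusters, to inventory what an infected share has lost. It assumes the ransomware keeps the original extension and appends “.WCRY” (so “budget.xlsx” becomes “budget.xlsx.WCRY”); the file listing is constructed sample data.

```python
"""Map .WCRY-renamed files back to the extension clusters the article lists,
so a responder sees which classes of data were hit (added example)."""
from collections import Counter
import os

# Lookup table built from the extension clusters enumerated in the article.
CLUSTERS = {
    "office": {".ppt", ".doc", ".docx", ".xlsx", ".sxi", ".sxw", ".odt", ".hwp"},
    "archive/media": {".zip", ".rar", ".tar", ".bz2", ".mp4", ".mkv"},
    "email": {".eml", ".msg", ".ost", ".pst", ".edb"},
    "database": {".sql", ".accdb", ".mdb", ".dbf", ".odb", ".myd"},
    "source": {".php", ".java", ".cpp", ".pas", ".asm"},
    "keys/certs": {".key", ".pfx", ".pem", ".p12", ".csr", ".gpg", ".aes"},
    "graphics": {".vsd", ".odg", ".raw", ".nef", ".svg", ".psd"},
    "vm": {".vmx", ".vmdk", ".vdi"},
}
RANSOM_EXT = ".wcry"  # extension the article reports being appended


def classify(path):
    """Return (is_encrypted, cluster). A file is treated as encrypted when its
    last extension is .WCRY (case-insensitive); the cluster comes from the
    extension that preceded it, or "other" if none is recognised."""
    stem, last = os.path.splitext(path)
    if last.lower() != RANSOM_EXT:
        return False, None
    original_ext = os.path.splitext(stem)[1].lower()
    for name, exts in CLUSTERS.items():
        if original_ext in exts:
            return True, name
    return True, "other"


def triage(paths):
    """Count encrypted files per cluster and return the untouched paths."""
    hits = Counter()
    clean = []
    for p in paths:
        encrypted, cluster = classify(p)
        if encrypted:
            hits[cluster] += 1
        else:
            clean.append(p)
    return dict(hits), clean


# Constructed sample listing, as a `find` over a file share might produce it.
SAMPLE = [
    "finance/budget_2017.xlsx.WCRY",
    "finance/notes.txt",            # untouched
    "hr/contract.docx.WCRY",
    "it/backup.vmdk.WCRY",
    "it/server.key.WCRY",
    "it/README.WCRY",               # no recognised original extension
    "mail/archive.pst.wcry",        # lower-case variant still counts
]

if __name__ == "__main__":
    counts, untouched = triage(SAMPLE)
    print("encrypted per cluster:", counts)
    print("untouched files:", untouched)
```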
The WannaCry dropper drops multiple “user manuals” in different languages.
This summary report has been prepared based on data from various survey, research and news agencies.
Site reliability engineering Professional
7y: Nice knowledge sharing post sir..
.NET, Angular, AWS | AWS Certified Developer | Contractor at Santander Bank
7y: :)
Technical Lead @ 3Pillar :|: Software Professional :|: Full Stack Developer :|: UX/UI Enthusiast
7y: Appreciate hackers ?? they hacked our highly secured 20-year-old servers
e- Governance Specialist Consultant, Keynote Speaker & Thought Leader for Smart Cities and Digital India
7y: Nice Updates.