A Review on “WannaCry Ransomeware” attack took place on 12th May, 2017

Dr. Sunil Kr Pandey, Director (IT), I.T.S, Ghaziabad

On 12th May 2017 a ransomware attack named "WannaCry", one of the largest cyber attacks ever reported, infected 19 NHS (National Health Service) trusts in the UK and computers in many other countries including Spain, Russia, the US, India and Ukraine. It was reported that on day one alone it infected about 126,000 to 200,000 machines (figures vary between research reports from different countries) and that by day two it had reached 104 countries, though the spread has since slowed. Analysis of the incident indicates that it was not a targeted attack. Early reports described it as an indiscriminate campaign sent as an e-mail attachment with malicious content, waiting for prospective users, especially on Windows machines, to open it. Once a user on a network opens such an attachment, the malicious code installs itself on that machine and the machine is infected. The real damage starts from there, when the code spreads on its own across the Windows network, without requiring Windows authentication or any further user action.

In these attacks, data is encrypted and the extension ".WCRY" is appended to the filenames. Many cyber security agencies and experts have started addressing the issue on a war footing. In one such study, Kaspersky Lab indicates that the attack, dubbed "WannaCry", is initiated through a remote code execution vulnerability in the Windows SMB server (the SMBv1 protocol; Microsoft security bulletin MS17-010). The exploit (codenamed "EternalBlue") was made available on the internet through the Shadow Brokers dump of 14th April 2017, and Microsoft had already patched the vulnerability on 14th March 2017. This is what makes the self-propagation possible: any unpatched Windows host whose SMB service is reachable can be compromised with no user interaction at all. Unfortunately, it appears that many organisations had not yet installed the patch.
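The self-propagation described above has a visible network signature: one host initiating connections to TCP port 445 on many distinct peers within a short time, which is unlike normal file-share traffic. The script below is an added example (my own code, not from the article, Kaspersky or any other report) that runs that fan-out detection over a constructed connection log. The log format (ISO timestamp, source, destination, destination port), the 60-second window and the threshold of 20 distinct targets are all assumptions; tune them to your own telemetry. The logic is generic lateral-movement detection and is not specific to WannaCry.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from a real incident): one line per TCP connection,
# formatted "<ISO timestamp> <src_ip> <dst_ip> <dst_port>". Host 10.0.1.25 is
# written to look like a worm: 40 distinct internal targets on 445 in 40 seconds.
# The other hosts show ordinary traffic to a single file server or to HTTPS.
SAMPLE_LOG = "\n".join(
    [f"2017-05-12T10:00:{i:02d} 10.0.1.25 10.0.2.{i + 1} 445" for i in range(40)]
    + [
        "2017-05-12T10:00:05 10.0.1.7 10.0.9.2 445",     # repeated use of one share
        "2017-05-12T10:00:06 10.0.1.7 10.0.9.2 445",
        "2017-05-12T10:00:07 10.0.1.9 10.0.9.3 445",
        "2017-05-12T10:00:08 10.0.1.9 203.0.113.5 443",  # not SMB, ignored
    ]
)


def parse_connections(log_text):
    """Yield (timestamp, src, dst, dport) tuples; blank or malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        try:
            yield datetime.fromisoformat(ts), src, dst, int(dport)
        except ValueError:
            continue


def detect_smb_fanout(log_text, window_seconds=60, threshold=20):
    """Return {src: (distinct_dst_count, window_start)} for every source that reached
    at least `threshold` distinct hosts on TCP/445 inside some `window_seconds` span.

    The signal is fan-out, not volume: a workstation hammering its one file server
    is normal, while one host touching dozens of peers' port 445 in a minute is
    scanning for targets.
    """
    by_src = defaultdict(list)
    for ts, src, dst, dport in parse_connections(log_text):
        if dport == 445:
            by_src[src].append((ts, dst))

    window = timedelta(seconds=window_seconds)
    findings = {}
    for src, events in by_src.items():
        events.sort()  # chronological, so each event can open a window going forward
        best = (0, None)
        for i, (start, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(targets) > best[0]:
                best = (len(targets), start)
        if best[0] >= threshold:
            findings[src] = best
    return findings


if __name__ == "__main__":
    for src, (count, start) in detect_smb_fanout(SAMPLE_LOG).items():
        print(f"{src}: {count} distinct hosts on tcp/445 within a minute of {start.isoformat()}")
```

On the sample log only 10.0.1.25 is reported (40 distinct targets). The same fan-out rule catches any SMB-scanning worm or manual lateral movement, so pair it with an allow-list for vulnerability scanners and backup servers that legitimately touch every host.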

Though, as of Saturday, no hacker or hacking group had come forward to claim responsibility for the attack, news agency Reuters reported that the ransomware, dubbed WannaCry, demanded payments of between $300 (around Rs 19,000) and $600 (around Rs 39,000) in bitcoin to unlock the data on a single system.

I was a part of the CISO Platform Decision Summit held on 12th & 13th May 2017, where various experts and cyber security researchers spoke on this issue, and there was consensus that the impact of this attack could have been avoided or reduced to a significant extent if the patches provided by vendors and other security agencies had been applied and proper security provisions had been followed and implemented.

The file extensions that the malware targets fall into several clusters of formats, including:

1.     Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).

2.     Less common and nation-specific office formats (.sxw, .odt, .hwp).

3.     Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)

4.     Emails and email databases (.eml, .msg, .ost, .pst, .edb).

5.     Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).

6.     Developers’ sourcecode and project files (.php, .java, .cpp, .pas, .asm).

7.     Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).

8.     Graphic designers, artists and photographers files (.vsd, .odg, .raw, .nef, .svg, .psd).

9.     Virtual machine files (.vmx, .vmdk, .vdi).
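Because the malware appends its extension to the existing filename, the original extension survives, and the clusters above can be used during incident triage to see which kinds of data were hit (key material and databases first). The following is an added example (my own code, not from the article) that walks a directory tree, finds files carrying the encrypted suffix and tallies them by cluster. The article names ".WCRY"; ".WNCRY", the suffix carried by most samples analysed later, is added from my own knowledge. The sample tree is constructed in a temporary directory and is not real victim data.

```python
import tempfile
from collections import Counter
from pathlib import Path

# Suffixes appended by the ransomware. ".WCRY" is the one named in the article;
# ".WNCRY" was seen on most later samples (added from my own knowledge).
ENCRYPTED_SUFFIXES = (".WCRY", ".WNCRY")

# The extension clusters listed in the article, keyed by a short cluster name.
CLUSTERS = {
    "office": {".ppt", ".doc", ".docx", ".xlsx", ".sxi", ".sxw", ".odt", ".hwp"},
    "archives_media": {".zip", ".rar", ".tar", ".bz2", ".mp4", ".mkv"},
    "email": {".eml", ".msg", ".ost", ".pst", ".edb"},
    "database": {".sql", ".accdb", ".mdb", ".dbf", ".odb", ".myd"},
    "source": {".php", ".java", ".cpp", ".pas", ".asm"},
    "keys_certs": {".key", ".pfx", ".pem", ".p12", ".csr", ".gpg", ".aes"},
    "graphics": {".vsd", ".odg", ".raw", ".nef", ".svg", ".psd"},
    "vm": {".vmx", ".vmdk", ".vdi"},
}


def classify_encrypted(filename):
    """Return (original_name, cluster) if the name carries an encrypted suffix, else None.

    Matching is case-insensitive; the original extension is read from the name
    that remains once the ransomware suffix is stripped.
    """
    name = Path(filename).name
    upper = name.upper()
    for suffix in ENCRYPTED_SUFFIXES:
        if upper.endswith(suffix):
            original = name[: -len(suffix)]
            ext = Path(original).suffix.lower()
            for cluster, exts in CLUSTERS.items():
                if ext in exts:
                    return original, cluster
            return original, "other"
    return None


def triage_tree(root):
    """Walk `root` and return (Counter of clusters, list of (path, original, cluster))."""
    counts = Counter()
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        result = classify_encrypted(path.name)
        if result is None:
            continue
        original, cluster = result
        counts[cluster] += 1
        hits.append((str(path), original, cluster))
    return counts, hits


def build_sample_tree():
    """Create a constructed directory tree in a temp dir and return its path."""
    root = Path(tempfile.mkdtemp(prefix="wcry_triage_"))
    sample_files = [
        "finance/budget_2017.xlsx.WCRY",   # office
        "finance/notes.txt.WCRY",          # not in any listed cluster -> "other"
        "pki/server.key.WNCRY",            # keys_certs
        "photos/holiday.nef.wcry",         # graphics, lower-case suffix
        "README.txt",                      # untouched file, must be ignored
    ]
    for rel in sample_files:
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"\x00" * 16)  # placeholder contents
    return root


if __name__ == "__main__":
    counts, hits = triage_tree(build_sample_tree())
    for cluster, n in counts.most_common():
        print(f"{cluster}: {n} encrypted file(s)")
    for path, original, cluster in hits:
        print(f"  {path} <- {original} [{cluster}]")
```

Run against a mounted image or a file share rather than a live infected host, and treat a non-zero count in `keys_certs` as a signal to rotate those keys and certificates whether or not the files are ever recovered.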

The WannaCry dropper also drops multiple "user manuals" (ransom notes) in different languages.

This summary report has been prepared from data published by various survey, research and news agencies.

Indresh Chaturvedi

Site reliability engineering Professional

7y

Nice knowledge-sharing post, sir.

Vikas Kumar

.NET, Angular, AWS | AWS Certified Developer | Contractor at Santander Bank

7y

:)

Ankush Tyagi

Technical Lead @ 3Pillar :|: Software Professional :|: Full Stack Developer :|: UX/UI Enthusiast

7y

Appreciate hackers?? They hacked our highly secured 20-year-old servers.

Sushovon Saha

e- Governance Specialist Consultant, Keynote Speaker & Thought Leader for Smart Cities and Digital India

7y

Nice Updates.
