Once again we should give thanks to Edward Snowden. WannaCry ransomware is a global attack. Wannacrypt encrypts whatever files it can find. After infecting, Wannacry ransomware possibly will display a screen on the infected system asking for $300 to $600 worth of Bitcoins to decrypt. Wannacrypt ransomware originated from NSA and now waiving the flag of Governmental democratic nuisance. It is not that PRISM was only matter what NSA has been caught so far, there are many minor and major vulnerabilities like logjam. It is true that WannaCrypt exclusively a problem for the Windows users, but the worm can hit a Mac user with a Boot Camp partition, Windows virtual machines. It is estimated that if the users has been switched on Windows system after mid-March or has not received install Microsoft’s security update MS17-010, are vulnerable. Wannacrypt ransomware is not a matter to joke the Microsoft Windows users, NSA could have hidden worser things inside *nix system kernels. Wannacrypt in summary, an evolution of what has been seen in the past: infected computers contribute to the spread of the worm that find other targets via the internet and local network. Another unpublished element is the boot mode of the attack that does not require any interaction from the user. Wannacrypt automatically scans the systems Looking for a specific bug, this is a vulnerability that Redmond indicated under MS17-010 which concerns the Server Message Block or SMBv1 service and patched during last March 2017 on all systems currently supported by the company. Of course, Windows XP and Windows Server 2003 are no longer ideal target for malware. The company also made security patches available to the general public for several out-of-support versions of Windows, including Windows XP, Windows 8 and Windows Server 2003. Please read the official support from Microsoft and Apple for their recommendations.
The attack affected many NHS hospitals in England and Scotland and devices, apart from normal computers and servers – including MRI scanners, refrigerators and operation theatre equipments.
Wannacrypt Ransomware : More A Political Worm Than Technical
WannaCrypt is essentially a piece of malware that propagates itself like the Morris worm of 1990’s and sysadmins of that time has written their worst experiences, dreaded fear about Wannacrypt. Ransomware is not new invention. Latest modifications have become sophisticated. The tools behind essentially originated within NSA – EternalBlue and DoublePulsar. NSA used them to infiltrate the computer networks. WannaCrypt exploits SMB connections using EternalBlue, which allows the malware to spread within seconds. EternalBlue is a network infection vector which was released by the hacker group The Shadow Brokers on this April 2017, leaked from Equation Group, which is believed to be part of NSA. The DoublePulsar part of the snippet then installs a backdoor on the victim computer systems, thus allowing remote control of the personal computers. DoublePulsar is a backdoor tool, also released by The Shadow Brokers. Kill switch part contains a URL that possibly used to track activity from infected machines.
Edward Snowden remarked that if the NSA “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, may not have happened”.
Wannacrypt Ransomware : Hackers Delivered a Good Message
With a recent backup and restore, the ransomware is worthless. WannaCrypt really does not affect *nix system – Macintosh and Linux systems are essentially safe. America as expected, proposed a new bill with the promise that would bring accountability to how NSA deals the vulnerabilities. NSA and ex-chief obviously defended their stance.
Hackers could spy secretly, but they essentially announced many things and directed the security researchers to build *nix kernel more secured.