WannaCry May Be The Largest Ransomware Ever
In possibly the largest cyber extortion scheme to date, WannaCry has been getting constantly growing coverage from news outlets worldwide. Considering the massive damage it caused to hundreds of thousands of Windows computers internationally, that is definitely for a good reason. The WannaCry malware, which started spreading on May 12, 2017, is one of the worst and largest attacks ever launched worldwide. It quickly spread from home computers to large corporations and hospitals, and even caused long delays for patients seeking medical treatment. It has infected computers in around 150 countries, demands that victims pay a “ransom” fee in the cryptocurrency Bitcoin, and has been spreading through email and directly through networks that don’t have recent security updates. Microsoft has released a critical patch that covers the vulnerabilities, and although Microsoft had stated it would no longer support older versions of Windows (like Windows XP, which many businesses still use), it agreed to make the patch available for older devices as well.
An interesting new turn of events is how the malware was accidentally brought to a halt by a security researcher “hero”. Although the exact specifics are a little foggy, the researcher claimed to have noticed a domain name within the WannaCry ransomware, which he then registered online. The individual (who is identified as MalwareTech) noticed the malware was connecting to the unregistered domain and decided to purchase it for $10.69.
Minutes after registering it, he began receiving thousands of connection requests every second. The domain was hardcoded into the malware, which would make a request to the domain to see if it was live. If the domain is live, it acts as a “kill switch” and the malware doesn’t affect the computer. The anonymous individual may only be known as MalwareTech, but in our opinion he should be awarded some kind of medal for his actions. Although he did it unintentionally, he likely stopped thousands of computers from being infected. Even if this action doesn’t help those already affected, it does stop the spread of something that could otherwise continue spreading to millions of other computers.
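Because every running copy makes that request, resolver logs show which machines executed the malware and whether their check got an answer. The following triage script is an added example, not code from the original article; the domain is a placeholder (the article does not name the real one), and the log format, sample lines and the use of a DNS answer as a stand-in for "live" are assumptions.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Assumed resolver log format: <timestamp> client=<ip> query=<name> rcode=<code>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<qname>\S+)\s+rcode=(?P<rcode>\S+)$"
)

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
2017-05-13T09:14:02Z client=10.0.4.17 query=killswitch-placeholder.example. rcode=NOERROR
2017-05-13T09:14:05Z client=10.0.4.22 query=www.example.org. rcode=NOERROR
2017-05-13T09:15:40Z client=10.0.9.3 query=KILLSWITCH-PLACEHOLDER.EXAMPLE rcode=NXDOMAIN
2017-05-13T09:16:01Z client=10.0.4.17 query=killswitch-placeholder.example. rcode=NOERROR
2017-05-13T09:17:30Z client=10.0.9.3 query=killswitch-placeholder.example. rcode=SERVFAIL
malformed line that the parser must skip
2017-05-13T09:18:00Z client=10.0.7.8 query=notkillswitch-placeholder.example. rcode=NOERROR
"""

def normalise(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: info} for every host that looked up the domain."""
    hosts = defaultdict(lambda: {"lookups": 0, "failed": 0, "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or normalise(m["qname"]) != normalise(domain):
            continue  # unparseable line or unrelated (including look-alike) name
        h = hosts[m["client"]]
        h["lookups"] += 1
        h["first_seen"] = h["first_seen"] or m["ts"]
        if m["rcode"].upper() != "NOERROR":
            h["failed"] += 1  # the check got no answer on this host
    report = {}
    for client, h in hosts.items():
        # Any lookup means the malware ran; a failed one means the kill
        # switch did not stop it there, so that host is triaged first.
        status = "check-failed" if h["failed"] else "check-answered"
        report[client] = {**h, "status": status}
    return report

if __name__ == "__main__":
    for client, info in sorted(triage(SAMPLE_LOG).items()):
        print(client, info)
```

Every host in the report needs patching and investigation regardless of status, since the lookup itself shows the malware executed there.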
Although nothing here can be certain, some say there is a link between the malware and North Korea. Some security researchers have found evidence suggesting that North Korea could be linked with the attack through a company called Lazarus Group. A Google researcher found code in the malware that was extremely similar to code used by the Lazarus Group (which is a hacking group located in North Korea). The overlapping code was later removed, and some say that this was done intentionally to direct the blame to the Lazarus Group.
Either way, the ransomware only decrypts your files if you pay $300.00 in Bitcoin. Based on the number of computers said to be infected, should every person pay the ransom fee, the total the hackers stand to make is over $1 billion.
Updates will be provided once available.