What is WannaCry Ransomware and How Did it Infect the World?

04/01/2019     Author: Billy Gray

If you’re looking for some of the most powerful malware attacks in history, then WannaCry comes pretty close to the top of the list. But where did it come from?

 

In terms of malware attacks, the WannaCry ransomware fiasco was one of the most devastating in history. It left hundreds of thousands of computers infected and caused a temporary shutdown of sectors of the National Health Service in Britain, as well as several companies around the world.

In this article we’ll explain what WannaCry ransomware is, how it managed to spread so wide, and where it came from.

What is the WannaCry virus?

The WannaCry attack infected host computers through a crack in Windows security which was previously discovered by the NSA. Microsoft publicly criticized the US government for not bringing the attack to their attention sooner, pointing out that it could have prevented the situation from getting so out of hand.

The virus encrypted important files on the host’s computer, including PDFs, MP3 files, and MS files. It then showed users a message demanding that they pay some bitcoin into a specified account to decrypt the files. Microsoft recommended that users ignore the message, seeing as there was no evidence that people’s files were actually being released after paying the ransom. On top of this, they were careful not to encourage future attacks of a similar nature.

The virus was demanding around $300 worth of bitcoin within four days, or $600 within seven days of being infected. Only a small number of people are believed to have actually paid the ransom – the bitcoin account was public, so everyone could see how much money went into it. The total amount was just over $130,000.

It is believed that the virus originated in North Korea and was used as an attack to gain money for the rogue regime there. This has been stated by the UK, the US, and several other countries and organizations. There was a fair amount of evidence to back this claim up, including digital fingerprints left by the creators of the virus. That being said, this could have been a deliberate attempt to confuse investigators and lead them down the wrong track.

What were the effects?

As mentioned above, the virus managed to infect several hundred thousand computers around the world and spread through the servers of various public departments and private companies. In many cases, this brought production to a halt.

The British National Health Service (NHS) had around 70,000 computers infected, which included MRI scanners, admin computers, refrigerators for blood storage, and more. This not only affected a service which an entire nation relies on for healthcare, but it also caused a massive political uproar. British politicians were accused of not taking the necessary steps to keep the NHS computer infrastructure up-to-date against the latest threats.

Alongside this, Nissan Motor Manufacturing – also in the UK – had to completely halt production in one of their facilities after their servers were compromised. The same applied to Renault. In Spain, FedEx was infected, as well as various other companies.

The same theme was seen around the world, with everything from local government offices to manufacturing plants to personal computers being held ransom for bitcoin.

How was WannaCry so effective?

The success of WannaCry in spreading to so many computers around the world was largely due to its clever manipulation of a vulnerability in the Windows Server Message Block (SMB). This vulnerability is based in how Windows computers connect with one another on a network. Once the virus was active, it could easily spread to computers that hadn’t been updated to Windows 10.

Not as bad as you think

While the WannaCry virus was fairly devastating, the effects are nowhere near as bad as they could have been if a patch that protected computers from it hadn’t been released a couple of months prior to the event. The patch prevented the WannaCry virus from infecting many Windows 10 devices and thus contributed to containment of the virus.

What’s more, the virus didn’t start encrypting the host’s files straight away – first, it would try to reach a specific URL domain (one which didn’t exist). If it reached the domain, however, then it would shut itself off, thus not infecting the user. This could have been a failsafe for the attackers to pull the virus, or it could have been there to distract researchers who were tracking it and trying to learn about it.

A researcher called Marcus Hutchins first discovered this. He later set up the domain – buying it with his own cash – so that many of the virus attacks would simply reach this destination and thus not damage their host. He’s highly regarded for his efforts in curbing the WannaCry virus with this move, although he was later arrested for malware he’d previously created. The devil recognizes his own, I suppose.
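The kill-switch behaviour described above also gives defenders a triage signal in DNS logs: any host that looked up the domain ran the malware, and hosts whose lookup failed are the ones where it most likely went on to encrypt. The following is an added example, not code from the article or from any WannaCry analysis; the domain name is a placeholder (the article does not give the real one), and the log format and log lines are constructed.

```python
from collections import defaultdict

# Placeholder name: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"

# Constructed resolver log: timestamp, client IP, queried name, response code.
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 killswitch.example.invalid. NXDOMAIN
2017-05-12T09:14:05Z 10.0.4.22 updates.example.com. NOERROR
2017-05-12T16:40:11Z 10.0.4.31 KillSwitch.example.invalid. NOERROR
2017-05-12T16:41:30Z 10.0.4.17 killswitch.example.invalid. NOERROR
2017-05-12T16:45:09Z 10.0.7.8 killswitch.example.invalid. SERVFAIL
malformed line without enough fields
"""


def triage_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch domain to a triage status.

    Any query means the sample executed on that host. A failed lookup means
    the check could not succeed, so the payload probably continued; if every
    lookup resolved, the sample probably exited early. DNS success is only
    an approximation of "reached the domain" (assumption of this example).
    """
    wanted = domain.rstrip(".").lower()
    outcomes = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or unrelated lines
        _ts, client, qname, rcode = fields
        if qname.rstrip(".").lower() == wanted:
            outcomes[client].append(rcode.upper() == "NOERROR")
    return {
        client: "kill_switch_hit" if all(results) else "payload_likely_ran"
        for client, results in outcomes.items()
    }


def isolate_first(statuses):
    """Hosts to isolate first: those where the kill switch did not stop a run."""
    return sorted(h for h, s in statuses.items() if s == "payload_likely_ran")


if __name__ == "__main__":
    statuses = triage_kill_switch_lookups(SAMPLE_LOG)
    print(statuses, "isolate first:", isolate_first(statuses))
```

Hosts marked `kill_switch_hit` still executed the malware and need cleanup and patching; the status only orders the response.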

Still out there

The WannaCry ransomware is still out there, although not many computers are affected by it anymore. The best way to protect against the virus is to upgrade your computer to Windows 10. Most of the infected computers were running on Windows 7, while a small fraction were also on Windows XP. Updating to the latest version of Windows is the best way to stay safe from the virus.
