Skip to main content

The WannaCry Ransomware Attack (2017)

By Gourav S

 The first attack on our list is the WannaCry ransomware attack. This attack hit businesses and organisations all over the world in May of 2017. The WannaCry ransomware encrypted data on victims’ computers and demanded a ransom payment in order to decrypt the data. This attack affected more than 200,000 computers in 150 countries.

The WannaCry ransomware attack was particularly dangerous because it exploit a vulnerability in Microsoft Windows that had been previously unknown. This meant that many organisations were not prepared for this type of attack. The WannaCry ransomware also spread quickly, thanks to a feature that allowed it to spread itself from one computer to another.

While the WannaCry ransomware attack was devastating, it could have been much worse. Fortunately, a security researcher discovered a kill switch that stopped the spread of the malware. However, this did not stop the damage that had already been done.





In  total,  the  ransomware  operates on  four  encryption  keys: one RSA public key from the master key pair, two keys from the payload-generated sub-RSA pair and one AES symmetric key. The AES key is only encrypted by the payload-generated sub-RSA  public  key  upon  completion  of  encrypting  the victim’s targeted file extensions

How does a WannaCry attack work?

The cybercriminals responsible for the attack took advantage of a weakness in the Microsoft Windows operating system using a hack that was allegedly developed by the United States National Security Agency.

Known as EternalBlue, this hack was made public by a group of hackers called the Shadow Brokers before the WannaCry attack.

Microsoft released a security patch which protected user’s systems against this exploit almost two months before the WannaCry ransomware attack began. Unfortunately, many individuals and organizations do not regularly update their operating systems and so were left exposed to the attack.

Those that had not run a Microsoft Windows update before the attack did not benefit from the patch and the vulnerability exploited by EternalBlue left them open to attack.

When it first happened, people assumed that the WannaCry ransomware attack had initially spread through a phishing campaign (a phishing campaign is where spam emails with infected links or attachments lure users to download malware). However, EternalBlue was the exploit that allowed WannaCry to propagate and spread, with DoublePulsar being the ‘backdoor’ installed on the compromised computers (used to execute WannaCry).

How does WannaCry get on your computer?
WannaCry spread by using a vulnerability exploit called "EternalBlue." The US National Security Agency (NSA) had developed this exploit, presumably for their own use, but it was stolen and released to the public by a group called the Shadow Brokers after the NSA was itself compromised.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading.
Labels:

Comments

Post a Comment

Popular posts from this blog

Microservices design patterns

By Gourav S
Microservices design pattern Next :  saga-design-pattern-microservices
Post a Comment
Read more

Runtime Fabric (RTF)

By Gourav S
MuleSoft's Anypoint Runtime Fabric (RTF) has many features that help with deployment and management of Mule applications: Deployment: RTF can deploy applications to any environment, including on-premises, in the cloud, or in a hybrid setup. It can also automatically deploy Mule runtimes into containers. Isolation: RTF can isolate applications by running a separate Mule runtime server for each application. Scaling: RTF can scale applications across multiple replicas. Fail-over: RTF can automatically fail over applications. Monitoring and logging: RTF has built-in monitoring and logging capabilities to help teams troubleshoot issues and gain insights into application performance. Containerization: RTF supports containerization, which allows applications to be packaged with their dependencies and run consistently across different environments. Integration: RTF can integrate with services like SaveMyLeads to automate data flow between applications. Management: RTF can be managed with A...
1 comment
Read more

MQ-Based Integration vs. REST API-Based Integration: Choosing the Right Path for Your Architecture

By Gourav S
In today's interconnected world, integration is at the heart of seamless operations.  Two of the most popular methods for connecting systems are  1. Message Queue (MQ)-based integration  2. REST API-based integration. But how do you choose the right one for your needs? 🔄 MQ-Based Integration : - Asynchronous Communication : Ensures reliability and resilience, allowing systems to communicate without waiting for an immediate response. Perfect for handling high volumes of data and complex workflows. - Decoupled Systems : MQ allows systems to operate independently, reducing dependencies and enhancing scalability. - Guaranteed Delivery : Messages are queued and delivered even if the destination system is temporarily unavailable, ensuring that no data is lost. 🌐 REST API-Based Integration : - Synchronous Communication : Ideal for real-time, request-response interactions where immediate feedback is needed. - Ease of Use : REST APIs are widely adopted, easy to implement, and pe...
Post a Comment
Read more