Ransomware is a form of online theft in which a group of skilled hackers steal digital data and assets, then demand a payoff in exchange for the stolen data. These digital misdeeds, described as cyber-attacks, can be vast in scale and often demand large responses.
A ransomware cyber-attack called ‘WannaCry’ recently crippled businesses around the world, shutting down processes as many computer systems running Microsoft Windows began seizing up, locking people out of their desktops. The virus specifically hit desktops that were unprotected against a vulnerability in a Microsoft messaging protocol (called SMB-1) and displayed ransom notes.
The ransomware hit nearly 100 countries, including the UK, Russia, India and China. This was big, so here’s all you should know about it:
Where did it start?
The WannaCry cyber-attack first shut down systems in Ukraine and Russia, after which it spread like wildfire across computers in Romania, Norway, the Netherlands, France, Spain, and the UK. The attack went global and also spread to the US and India within just a few hours.
In Ukraine, the virus spread silently after users downloaded a popular tax accounting package onto their desktops, while others visited a local news site, which resulted in their computers being infected.
How did it work?
Once a vulnerable computer is infected, the ransomware locks the files on the system by encrypting them, so that users cannot view or access their own files. The files are decrypted only after the attackers receive a ransom ($395 in this case) in a virtual currency called bitcoin. Reportedly, more than 30 victims had paid up.
Who started this?
Nobody knows exactly who was behind these attacks, but there has been much speculation blaming Russia and its intentions to create havoc in Ukraine. The hackers are virtually untraceable, even when someone pays the demanded ransom.
What can companies do?
- First, to protect themselves against further attacks, companies should apply the Microsoft patch MS17-010.
- Second, since one of the main vectors for the attack is EternalBlue, an exploit for a Microsoft Windows flaw for which a patch has already been issued, companies should ensure their software is up to date. They should also block connections to the operating system’s port 445, the port associated with the vulnerable protocol.
- Finally, they should maintain regular data backups and use them to restore their computer systems.
On a personal level, computer users must ensure that Microsoft updates are turned on for their PCs. They should also take special care not to open unexpected e-mails or mail from unidentified senders, especially those with PDF or Word attachments.
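The checks above can be audited on a single Windows host with a short PowerShell script. This is an added example, not part of the original article; the `-BlockPort445` switch and the rule display name are hypothetical, and the SMBv1 server check is an extra related setting that the list above does not name.

```powershell
# Added example: audit the local Windows host against the mitigations above.
# Run from an elevated prompt. Assumes Windows 8 / Server 2012 or later,
# where the SmbShare and NetSecurity cmdlets are available.
param([switch]$BlockPort445)   # hypothetical switch: also create the block rule

$bulletinDate = [datetime]'2017-03-14'   # release date of bulletin MS17-010

# 1. Patching (heuristic). Later cumulative updates supersede the original fix,
#    so a single KB lookup is unreliable. A host with no update installed since
#    the bulletin is certainly missing it; a pass here still needs confirming.
$latest = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$updatedSince = [bool]$latest -and ($latest.InstalledOn -ge $bulletinDate)

# 2. Is the SMBv1 server component switched off? (extra check, see lead-in)
$smb1Off = -not (Get-SmbServerConfiguration).EnableSMB1Protocol

# 3. Is there an enabled inbound block rule for TCP 445?
#    Only exact port matches are detected, not ranges such as 400-500.
$block = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
        -ErrorAction SilentlyContinue |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445'
    }

if (-not $block -and $BlockPort445) {
    # This stops inbound Windows file sharing to this host, so use it only
    # on machines that are not meant to serve files.
    $block = New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' `
        -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block
}

# Emit one object per host so results can be collected and compared.
[pscustomobject]@{
    Computer                   = $env:COMPUTERNAME
    LatestUpdateInstalled      = $latest.InstalledOn
    UpdatedSinceMS17010Release = $updatedSince
    Smb1ServerDisabled         = $smb1Off
    InboundTcp445Blocked       = [bool]$block
}
```

A host-level block rule has an effect only while Windows Firewall is enabled for the active network profile.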
Why do cyber-attacks happen?
The internet was designed to be anonymous and open, and nothing considerable has changed in its basic infrastructure since it was made. Today, when virtually everything relies on it, ‘bad guys’ have also learnt to take advantage. The war is asymmetric: attackers have to find just a single flaw to act, while defenders have to react by protecting against them all.