- Thousands of computers in China and Japan hit by WannaCry virus
- Putin says Russia had 'nothing to do' with global ransomware outbreak
- Microsoft attacks US government over developing 'EternalBlue' exploit that led to hack
- New strains of virus reported but having little effect
- Jeremy Hunt says there has been no second wave of attacks
The WannaCry ransomware, which locks computer systems and demands $300 (£230) in Bitcoin, hit over 200,000 computers on Friday and the impact continued to be felt across the weekend. Around £33,000 in ransoms have been paid to date, according to analysis of Bitcoin wallets.
On Sunday night, Microsoft slammed the US spy agency that had originally developed software that allowed the ransomware attack to infect computers. The "Eternal Blue" tool developed by the National Security Agency had been dumped onto the public internet by a hacking group known as the Shadow Brokers.
The slow down happened soon after 'MalwareTech', a Britain-based security researcher, accidentally discovered a 'kill switch' to halt the Wanna Cry attack. Experts, however, warned that enterprising hackers could circumvent MalwareTech's fix.Â
Over 200,000 systems around the world were affected in the Wanna Cry attack, a tracker developed by a security researcher called 'MalwareTech' showed. Czech Republic-based anti-virus provider Avast, however, gave a more conservative estimate of around 126,000 systems being affected, news agency Reuters reported
Authorities fear a second wave of the "WannaCry" ransomware could hit systems as people return to work and switch on their computers on Monday morning.
Japanese computer experts said around 2,000 PCs had been affected while the Chinese news agency Xinhua reported that almost 30,000 had been hit.
But in doing that he also took down the WannaCry operation without meaning to. Whoever was behind the ransomware included a feature designed to detect security tools that would fake internet access for quarantined PCs by using a single IP address to respond to any request the computer made. This is a feature of a "sandbox," where security tools test code in a contained environment on a PC. When MalwareTech registered his domain to track the botnet, the same IP address was pinged back to all infected PCs, not just sandboxed ones. "So the malware thought it was in a sandbox and killed itself. Lol," MalwareTech said. "It was meant as an anti-sandbox measure that they didn't quite think through."
Security companies including Cisco's Talos division confirmed WannaCry had stopped spreading thanks to MalwareTech's work. Talos also confirmed the malware's use of exploits leaked by a crew called the Shadow Brokers, who're widely believed to have dumped hacker tools belonging to the NSA. The company, in a blog post, said WannaCry (also known as WannaCrypt) would attempt to install via a backdoor leaked by the Shadow Brokers called DoublePulsar. If the backdoor wasn't resident on a target Windows PC, it would then attempt to abuse a flaw in the Microsoft operating system's Server Message Block (SMB), a network file sharing protocol. "This is the cause of the worm-like activity that has been widely observed across the internet."
HOW TO SECURE YOURSELF
- Make sure your security software patches are up-to-date
- Make sure that you are running anti-virus software
- Back-up your data in multiple locations, including offline
- Avoid opening unknown email attachments or clicking on links in spam emails
- Victims of fraud should report it to Action Fraud
- We encourage the public not to pay any ransom demand
- Wana cry guideline to stay safe from microsoft (click here)
![The life of an Ethical Hacker [Q&A] | How to become a Hacker](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd3MEnEzHcekdZnZ6JBlgySIXspWItV8cE9butJaS7Xupfw_h-pVaZPSGhAYDaDq4ANW2M1yOfNTtA9AZ8o52PqYS61s2_HsLNaOkSnXDU7v7_Dzh5ZCKubDqci8IxMSLcPl7CYGcHhpQ/s72-c/hacker+poster.jpg)
No comments:
Post a Comment