WannaCry malicious software attacked Britain’s health service and companies in Spain, Russia, Ukraine and Taiwan, hijacking data and demanding a ransom to release. This type of software, called ransomware (from ransom: ransom) uses a vulnerability first revealed to the public due to leaked documents related to the NSA, with the purpose of infecting computers with the Windows system and encrypting their content, demanding payments of hundreds of dollars in exchange for the key to decrypt files.
The coordinated attack managed to infect a large number of computers across the British health service in less than six hours after it was first detected by security researchers, revealing its ability to spread across PC-to-PC networks. Hospitals across England have been forced to divert emergency patients due to WannaCry.
When a computer is infected, the ransomware typically contacts a central server to obtain the information needed to activate it, and then begins encrypting files on the infected computer with this information. After encrypting all the files, he sends a message requesting payment to decrypt the files — and threatens to destroy the information if he is not paid. The dramatic effect is often given through a timer. To avoid this type of attack, you need to know how not to open the door to ransomware. Most ransomware is hidden inside Word documents, PDFs and other files typically sent via email, or through a secondary infection on computers already affected by viruses that provide a back door for further attacks. All it takes is for a user to unknowingly install this ransomware on their own PC for it to try to spread to other computers on the same network. To do this, it uses a known vulnerability in the Windows operating system, jumping between PC and PC. This weakness was revealed to the world as part of a massive leak of NSA hacking tools and known weaknesses by an anonymous group called “Shadow Brokers” in April.
WannaCry, which affected Telefónica in Spain and the NHS in Britain, is the same software: a piece of ransomware. In less than four hours it had already infected computers in Lancashire alone, from where it spread to the entire internal NHS network. The amount requested is 300 pounds, to be paid in Bitcoin, to unlock the contents of the computers.
But, will paying the ransom actually unlock the files? Perhaps. It doesn’t always work. The Cryptolocker ransomware that attacked a few years ago and demanded a ransom of around £300, will have paid back after receiving payment, but, remind cybersecurity experts, cited by The Guardian, “there is no guarantee of payment It’s going to work, because cybercriminals aren’t exactly the most trustworthy group of people.” Furthermore, remember, there is the ethical issue: paying the ransom can encourage more crimes. The most practical solution is to back up your files. Why is the NHS being targeted?
According to the British press, the NHS was an easy victim, as it still uses Windows XP, an old software that has not received security updates available for half a decade, which is the reason for the attack. But currently attacks on healthcare providers around the world are at an all-time high. Private information, including health records, is extremely valuable, making it a desirable target for cybercriminals.
the portal
Originally published on portal DiagnósticoWeb
Published on LinkedIn
