How Ransomware Spread Havoc in 150 Countries: An Analysis


Consider a scenario. You have saved your memorable photographs of the last 5 years on your system and suddenly they are locked. What will you do? Or what if your customers' records will not open?

Your first thought will be: I will restore a data backup.

But what if you don't have backups? It may become a nightmare for you. This scenario is unfolding right now somewhere in the world. Maybe even in your city or neighborhood.

Ransomware can enter your PC through an email attachment, or through your browser if you happen to visit a website that is infected with this type of malware. It can also reach your PC via your network.

Ransomware, as the name suggests, is malicious code that leaves you with no option but to pay a ransom to unlock your precious files. Neatly coded, ransomware is a kind of cyber attack that involves hackers taking control of a computer or mobile device and demanding payment. The attackers download malicious software onto a device and then use it to encrypt the victim's information. They threaten to block access to the files until a ransom is paid. Downloading a bad program or app, or visiting a website that is displaying malicious adverts, can also result in an infected device.

When the software is opened it tells computer users that their files have been encrypted, and gives them a few days to pay up, warning that their files will otherwise be deleted. It demands payment in Bitcoin, gives instructions on how to buy it, and provides a Bitcoin address to send it to.

It may be difficult to imagine, but the first ransomware in history emerged in 1989, a long way back. It was called the AIDS Trojan, and its modus operandi seems crude nowadays: it spread via floppy disks, and the ransom was paid by sending $189 to a post office box in Panama.

The WannaCry ransomware attack that spread around the globe yesterday caused chaos in more than 150 countries, and the threat is 'escalating'. Hospitals, major companies and government offices were among those that were badly affected. Cybersecurity experts have said the majority of the attacks targeted Russia, Ukraine and Taiwan. But U.K. hospitals, Chinese universities and global firms like FedEx also reported they had come under assault.

So, how did all this start?

The ransomware spread by taking advantage of a vulnerability in Microsoft Windows. The ransomware used in the attack is called WanaCrypt0r 2.0 or WanaCry and is available in 28 different languages.

The most interesting aspect of the attack is that the malware used might have been originally written by the National Security Agency (NSA). It was dumped by the hacking group Shadow Brokers in April. The group had discovered the tools in 2016 and had tried to sell them online. After failing to sell them, it dumped them. The NSA did not comment on the leak at the time, but security firms warned of an attack then, and their prediction turned out to be accurate.

Wana marks the files it encrypts with the extension WNCRY. The Malware Hunter Team was the first to notice the Wana malware and alerted the public a few weeks ago. The attack not only encrypts files but also downloads the latest Tor client for the ransomware's communications. To unlock the computer's files, a specified amount of bitcoin must be sent to an address provided by the software.
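As an added example (not code from the article or from any of the parties it describes), a small Python triage script a responder can run on a suspected host or file share: it locates files carrying the WNCRY marker extension described above, counts them per directory, and uses their modification times to bracket when the encryption run happened. The paths and timestamps used in testing are constructed.

```python
"""Scope a suspected WanaCry-style infection by the .WNCRY marker extension.
Added example, not from the article; the marker is the only page-derived fact."""
import os
import sys
from collections import Counter
from datetime import datetime, timezone

MARKER = ".wncry"  # extension appended to encrypted files; matched case-insensitively


def find_marked_files(root):
    """Walk `root` and return (path, mtime) for every file ending in the marker."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(MARKER):
                path = os.path.join(dirpath, name)
                hits.append((path, os.path.getmtime(path)))
    return hits


def summarize(entries):
    """Summarize scope from (path, mtime) pairs: total count, per-directory counts,
    and the earliest/latest write time, which brackets the encryption window."""
    if not entries:
        return {"count": 0, "by_dir": {}, "first_seen": None, "last_seen": None}
    by_dir = Counter(os.path.dirname(p) for p, _ in entries)
    mtimes = [t for _, t in entries]

    def to_iso(t):
        return datetime.fromtimestamp(t, tz=timezone.utc).isoformat()

    return {
        "count": len(entries),
        "by_dir": dict(by_dir),
        "first_seen": to_iso(min(mtimes)),
        "last_seen": to_iso(max(mtimes)),
    }


def original_name(path):
    """Recover the pre-encryption file name by stripping the marker extension."""
    return path[: -len(MARKER)] if path.lower().endswith(MARKER) else path


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    report = summarize(find_marked_files(root))
    print(f"{report['count']} marked files under {root}")
    for d, n in sorted(report["by_dir"].items(), key=lambda kv: -kv[1]):
        print(f"  {n:5d}  {d}")
    if report["first_seen"]:
        print(f"earliest: {report['first_seen']}  latest: {report['last_seen']}")
```

The earliest modification time is a useful anchor when correlating with mail, proxy or network logs to find how the malware arrived, and the per-directory counts show which shares need restoring from backup first.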

Although Microsoft released a security patch for the vulnerability in March, computers and networks that hadn't updated their systems were still at risk.

The best protection against ransomware attacks is to have all files backed up on a completely separate system. This means that if you suffer an attack you won't lose any information to the hackers.

People who have yet to install the Microsoft fix—MS17-010—should do so right away. People should also be extremely suspicious of all e-mails they receive, particularly those that ask the recipient to open attached documents or click on Web links.

For ransomware to work, hackers need to download malicious software onto a victim's computer. This is then used to launch the attack and encrypt files. The most common ways for the software to be installed on a victim's device are phishing emails, malicious adverts on websites, and questionable apps and programs.

Prevention Measures

People should always exercise caution when opening unsolicited emails or visiting websites they are unfamiliar with. Never download an app that hasn’t been verified by an official store, and read reviews before installing programs.

Most antivirus programs can scan files to see if they might contain ransomware before downloading them. They can block secret installations from malicious adverts when you’re browsing the web, and look for malware that may already be on a computer or device.

It is difficult to prevent determined hackers from launching a ransomware attack, but exercising caution can help.

What do you think about the ransomware epidemic? Let us know in the comments below.