Date: 2017-05-14
Moneycontrol News

A cyber attack of unprecedented proportions has jolted the world as it has infected thousands of computers in nearly 100 countries.

These cyber extortionists are believed to have leveraged spying tools deployed by the US National Security Agency to trick victims into opening malicious attachments sent via email.

Here is an explainer by Amit Nath, Head of Asia Pacific - Corporate Business at F-Secure Corporation, shedding light on what has happened and the nature of the attack.

What has happened?

Multiple organisations have been hit by crypto-ransomware called WannaCry. Infected users are unable to use their machines unless they pay a ransom of up to $300 in Bitcoin.

What is ransomware?

Ransomware is a form of crimeware. It’s a malicious software program that’s used, either by an individual or by an organized criminal group, to extort money from an affected user. Ransomware has attracted a significant amount of media coverage over the last few years as various organizations have revealed that their operations have been affected by it.

Types of ransomware?

There are two main types of ransomware: crypto-ransomware and police-themed. These differ in the way they motivate the user into paying the ransom: Police-themed ransomware tries to scare the user into believing they need to pay a fine for committing a crime of some sort, while crypto-ransomware encrypts the user’s files, offering to decrypt them in exchange for a fee.

There are many different families of ransomware. Each family has unique characteristics, such as how they infect the device, what kinds of files they target, how they demand payment and so on. Knowing which specific family is involved in an incident can be critical in figuring out what to do next - how to contain any damage and remove the infection from the affected device.

Who has been hit?

The National Health Service in England is one of the largest to be affected, with hospitals and doctors' surgeries having to close. This is a global outbreak, though. A researcher at AVG Avast said he had recorded 36,000 detections; Kaspersky followed this with 45,000 in 74 countries.

Where did it come from?

It's crimeware, much like other ransomware, but… It takes advantage of a vulnerability that became known due to tools developed by the NSA. Tools that were included in a dump by The Shadow Brokers (attributed as being Russian) in April this year.

How does it work?

The ransomware is distributed via spam and then spreads within an organization like a worm. The exploit is known as MS17-010 and was previously patched by Microsoft. However, Windows XP machines no longer receive updates, so are at particular risk. Machines using current Windows operating systems which have not been patched with March 15 updates are also at risk. This promotes the message that users should always update their software.

How big is this?

Big. And set to get bigger. We haven’t seen anything like this since Conficker in 2008.