If Wannacry cyber attack didn’t make you wannacry, the next one will!
By David Haggith
TheGreatRecession.info
May 18, 2017
The Wannacry malware that hit like a global mega-bomb, showed everyone how vulnerable we are to a global cyber attack. Billed as “one of the largest global ransomware attacks the cyber community has ever seen,” the infection started in London and then emerged almost instantly in Seattle, New York, and Tokyo. Within ten minutes, the coordinated attack became epidemic throughout the world, covering the better part of every continent but Antarctica. By the end of one day, the malware had infected over 200,000 computers in 150 nations, encrypting all their data and locking the users out.
While the attackers demanded a ransom in order to free hostage computers, the small number of companies that paid the ransom required for unlocking the encryption did not get their data back, raising a question of whether the primary goal was really money or mayhem. (If primary goal was making a lot of quick money, it would make more sense to quickly release data so that more companies would be inclined to pay the ransom, seeing that payment solved the problem.)
This was a cyber attack equal in scale to something Dr. Evil would create or some Bond villain would use to collect ransom from the entire world … or to control the world. This time, it didn’t win, but there are some interesting reasons why as you did deeper.
Top levels of governments ordered emergency meetings to try to quickly understand and stem the spread of this very destructive piece of warware. A solution emerged quickly because an anonymous British researcher discovered the virus was built with a kill switch. With each infection the virus would check to see if a particular website was running and issuing a kill command. If no command, the virus would begin its mission of destruction. The researcher discovered the website, which was dormant, and activated it, slamming the brakes on global destruction. This bought time for people to apply Microsoft’s patch before the attackers could launch a modified version of the virus. Furthermore, the destructive code was only able to infect computers that had not upgraded with the latest Microsoft patch; so damage was hugely mitigated.
Even so, ATM’s and gas pumps in China went dark, as did Chinese government and university computers. Hospitals in the UK shut down. Forty-five facilities were affected, forcing cancelation or delay of some medical treatments. Nissan’s plant in the UK got hit. French automaker, Renault, stopped production in order to stop spread of the virus. Spain’s Telefónica and Russia’s communications giant, Megafon, got hit. Russia’s central bank and government agencies received “massive” attacks, which Russia claimed were successfully overcome.
The latest data I saw showed 370,000 computers infected and locked up, but that didn’t appear to include less available information from China. The damage is still unfolding, though greatly slowed; but a second variant began spreading across the globe on Tuesday, and other variants may emerge.
Epidemiology of the viral attack — North Korea suspect
The New York Times reports that the ransomware hack appears to have originated from North Korean sleeper cells.
Since the 1980s, the reclusive North has been known to train cadres of digital soldiers to engage in electronic warfare and profiteering exploits against its perceived enemies, most notably South Korea and the United States…. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection…. Security officials in South Korea, the United States and elsewhere say it is a well-known fact that the North Korean authorities have long trained squads of hackers and programmers, both to sabotage computers of adversaries and make money for the government, including through the use of ransomware — malicious software that blackmails victims into paying to release seized files…. Choi Sang-myung, an adviser to South Korea’s cyberwar command and a security researcher at Hauri Inc., said that the arithmetic logic in the ransomware attacks … is similar to that used in previous attacks against Sony Pictures and the Swift international bank messaging system — both of them traced to North Korea. (NYT)
Of course, The New York Times has been saying for months that Russia hacked DNC emails and interfered with US election without yet coming up with a shred of solid evidence or producing sources willing to go on record. It’s also fairly simple to create a decoy to the actual origin of attack. If it’s true, however, it underscores North Korea’s desire to create random destruction and financial loss indiscriminately throughout the world and its ability to do so.
The Rest…HERE
