WANNACRY: THE RANSOMWARE
(Image source: ocdn.eu)

What is WannaCry?

If you have paid close attention to the news these days, you know that cyberattacks are one of the hot topics. According to ‘dictionary.com’, a cyber-attack is an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or electronic communications network. ‘WannaCry’ is a form of cyber-attack. This cyber-attack took place in May 2017 and affected around 230 000 computers in over 150 countries. ‘WannaCry’ is ransomware, a form of malicious software designed to block access to a computer system until a sum of money is paid. It belongs to the ‘encrypting ransomware’ family. It targeted computers running outdated versions of the Microsoft Windows Operating System (OS) by encrypting data and demanding a ransom payment via Bitcoins. ‘WannaCry’ propagated using the ‘WannaCry’ worm. It is also known as ‘Wanna Decryptor’, ‘WCRY’ or ‘Wanna-Crypt’.

Avast and Symantec are two of the leading security companies in the field of cybersecurity. Security experts at Avast and Symantec suspect that ‘WannaCry’ most likely spread using an exploit used by the ‘Equation Group’, a group which allegedly had ties with the NSA (National Security Agency of the United States, Department of Defense). ‘Shadow Brokers’ is a hacking group who attacked the Equation Group and stole some of their data. Thus, ‘Shadow Brokers’ was able to steal some of the hacking tools used by the NSA. Later, they started releasing them to other hacking groups. One particular vulnerability is linked to Microsoft’s Windows Operating Systems. This vulnerability was found on Windows XP, Windows 7, Windows Vista, Windows 8, Windows 8.1, Windows 10 and versions of Windows Server OSs. An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. The aforementioned network infection vector is named ‘EternalBlue’. It was released by the Shadow Brokers on 8th April 2017. ‘EternalBlue’ exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol.

When and if a vulnerability is found in one of their systems, Microsoft usually releases patches or security updates. Microsoft Security Bulletin MS17-010 – Critical is a security update for the Microsoft Windows SMB Protocol. The patch for the existing vulnerability in SMB was released on 14th of March, 2017 (about two months before the WannaCry outbreak). Unfortunately, this patch did not support the older Windows XP, Windows Server 2003 and, surprisingly, Windows 8 (because Windows 8.1 is classified as a mandatory service pack upgrade to Windows 8). To Microsoft’s credit, the day after the WannaCry outbreak it released security patches for the above retired OSs too. Subsequent research has indicated that Windows 7 was the most affected OS out of the lot. ‘Kryptos Logic’, a cyber security firm, found that they were unable to infect a Windows XP system with WannaCry using just the exploits. During their attempts, either the payload failed to load, or it caused the OS to crash, rather than actually executing and encrypting files. However, when executed manually, WannaCry could still operate
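The two exposure points discussed above, an SMB server still accepting the protocol that EternalBlue abuses and a host that never received the MS17-010 update of 14 March 2017, can be checked from an administrative PowerShell prompt. The script below is an added example, not code from the article or from Microsoft; it assumes Windows 8 / Server 2012 or later for Get-SmbServerConfiguration and falls back to the LanmanServer registry value on older systems.

```powershell
# Added example (not from the article): report whether this host still exposes
# SMBv1 and whether any updates were installed on or after the MS17-010 release
# date given in the article (14 March 2017). Run as Administrator.

$Ms17010ReleaseDate = Get-Date -Year 2017 -Month 3 -Day 14

function Get-Smb1Status {
    # Newer builds expose the SMB server configuration as a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Fallback for older systems: the LanmanServer service reads the SMB1 value
    # from the registry; a missing value means SMB1 is enabled by default.
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $value = Get-ItemProperty -Path $params -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $value) { return $true }
    return [bool]$value.SMB1
}

function Get-PostMs17010Updates {
    # Hotfix inventory; InstalledOn can be empty for some entries, so drop those.
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Ms17010ReleaseDate } |
        Sort-Object InstalledOn |
        Select-Object HotFixID, Description, InstalledOn
}

$smb1Enabled = Get-Smb1Status
$updates = @(Get-PostMs17010Updates)

Write-Host "SMBv1 server protocol enabled: $smb1Enabled"
if ($smb1Enabled) {
    Write-Host "  -> Disable SMBv1 unless something still depends on it; EternalBlue targets this protocol."
}
Write-Host "Updates installed on or after $($Ms17010ReleaseDate.ToShortDateString()): $($updates.Count)"
if ($updates.Count -eq 0) {
    Write-Host "  -> Nothing installed since the MS17-010 release; verify that MS17-010 is applied."
}
$updates | Format-Table -AutoSize
```

The hotfix list is only a hint: confirm MS17-010 itself against the bulletin's update list for the specific OS build, since an unrelated update after that date does not prove the SMB fix is present.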
Gauge Magazine University of Peradeniya 41