While the demand for Bitcoin ransom has got the mainstream media’s attention, adding fuel to the anti-Bitcoin commentary of the individuals and organizations, WannaCry has a much darker past. Analysis of the ransomware has shown that WannaCry spread itself throughout the network of vulnerable machines by exploiting a bug labeled “MS17-010” which was supposedly exploited by the US Government agency, NSA as well. The spy agency also had a tool codenamed “Eternalblue” which was exposed by ShadowBrokers earlier this year along with a much larger data dump of “stolen” cyberarsenal belonging to the agency.
The modus operandi of WannaCrypt involves infecting the vulnerable computers through the SMB (Server Message Block), a message format used by DOS and Windows to share files, directories, and devices. Once infected, the worm encrypts almost all the files on the compromised computer and installs a Doublepulsar backdoor. The backdoor hands over remote control capabilities to the ransomware’s creator.
After detecting the bug, Microsoft had issued necessary software patches to the computers running currently supported OS versions. However, devices running on now obsolete Windows XP, Windows 8 and Windows Server 2003 missed out on these updates and became targets to WannaCry’s onslaught. Considering the severity of the situation, Microsoft in an unprecedented move pushed emergency updatesto the operating systems which are no longer eligible for official support.
A 22-year-old security researcher who runs Malware Tech Blog dissected the code to discover a kill switch, by accident. He proceeded to register an unregistered domain which proved to be a sinkhole that prevented the ransomware from spreading further. The domain registration and subsequent successful connections to the domain triggered a hidden condition within the ransomware code which prevented its spread.
While the WannaCry ransomware has been contained, it still opens up a huge question about the irresponsible and virtually unprotected nature of IT infrastructure in the public sector. NHS and numerous other networks, vital to the functioning of a country are riddled with systems running outdated software, making them vulnerable to attacks.
It is time the governments, banks and financial institutions woke up to the reality and ensured their infrastructure is up to date before pointing fingers at cryptocurrency community or other actors.