Financial Times:
Designers super-charged ransomware using tools leaked by US National Security Agency
Dozens of organisations and networks worldwide have been hit by a cyber weapon known as WannaCry. Already it has proved itself to be one of the most virulent and potentially destructive cyber attacks ever observed.
What does the attack do?
The attack used a category of virus known as ransomware. Once a target’s computer is infected, its files are encrypted. The user then gets a ransom demand — usually asking for payment in a “crypto currency” such as bitcoin — which must be paid in order for access to be restored.
There are at present more than 100 known families of ransomware propagating online. WannaCry is one of the newest.
Who is responsible?
Western security agencies’ current working hypothesis is that WannaCry’s latest incarnation is being wielded by a criminal organisation rather than a state or a state-backed group.
According to cyber intelligence analysts studying the “dark web”, payments demanded by the ransomware’s operators can be linked back to a single bitcoin account.
How is the NSA involved?
The FT has spoken to several senior cyber security researchers and western government officials who have confirmed that NSA tools are likely to have been used by the hackers. They say an NSA tool known as Eternal Blue looks like it has been incorporated into the ransomware’s architecture; Eternal Blue allows the ransomware to spread laterally across businesses’ computer networks through a vulnerability in commonly used Windows file-sharing systems.
How can it be stopped?
Scrubbing malware from systems is an arduous and lengthy task. The scale of infections in this case already suggests it may be an impossible one.
Governments and law enforcement agencies will probably try to identify the “command and control” servers from which the malware is being run. If intelligence efforts can pinpoint those and seize control of them, then the encryption keys could be released to all infected networks.
An alternative may be that WannaCry’s operators turn over the keys themselves: the success of the ransomware has made them the top global target for the west’s cyber security community overnight. Even the most hardened criminal organisation is likely to worry about such prominence.
Image Credit – Image of Criminal – By Artiom P on Flickr.