20 May, 2017
If you are facing a ransom demand and locked out of your files, law enforcement and cybersecurity experts discourage paying: every payment rewards the attackers and funds their future attacks, and it carries no guarantee that the files will be decrypted.
The attack that began Friday is believed to be the biggest online extortion attack ever recorded, spreading chaos by locking computers that run Britain's hospital network, Germany's national railway and scores of other companies, factories and government agencies worldwide.
While visualizations show that multiple Indian systems have been hit by the attack, only the Andhra Pradesh police has so far disclosed that some of its computers were hit. And the spread could be just the beginning.
In the same way that bacteria mutate to become resistant to antibiotics, the WannaCry worm has already been modified into new variants.
The perpetrators of the attack are still not known.
High-profile victims include hospitals in Britain, the Spanish telecoms giant Telefonica, French carmaker Renault, US package delivery company FedEx, Russia's interior ministry and the German rail operator Deutsche Bahn.
The cyber-attack has disrupted NHS services in parts of England and Scotland since Friday afternoon.
As the researcher known as MalwareTech reported in a detailed blog post, he had found an unregistered domain name hard-coded in WannaCry's code, and registered it.
Brian Lord, managing director of cyber and technology at cyber security firm PGI, said victims had told him "the customer service provided by the criminals is second-to-none", with helpful advice on how to pay: "One customer said they actually forgot they were being robbed".
The attacks exploit a vulnerability in the SMBv1 file-sharing service of Microsoft Windows that Microsoft patched in March; machines that have not applied that update, and especially those running versions Microsoft no longer supports, remain exposed, which is particularly problematic for corporations that do not automatically update their systems.
"It's worth remembering that Windows XP not only came out six years before the first iPhone".
Microsoft's related security bulletin, MS17-010, describes the flaw and the fix; the practical takeaway is simply that a system with the March update applied cannot be infected over the network by this worm.
Microsoft President Brad Smith said on Sunday that the United States government's approach to cybersecurity is unsafe and contributed to last week's global cyberattack.

Last year, Cisco, with the help of Level 3 Threat Research and Limestone Networks, identified the largest Angler exploit kit operation in the United States, which targeted 90,000 victims every day and generated tens of millions of dollars a year in ransoms extracted from victims.

The Windows flaw used by WannaCry remained secret until hackers stole the exploit from the NSA.
The WannaCry ransomware has its roots in an April posting by a group called the Shadow Brokers, which released a working exploit for a weakness in Windows that the NSA had allegedly discovered and kept to itself. Last year, 75 percent of crypto ransomware (malware that encrypts files on the target machine to force its owner to pay a ransom in exchange for their decryption) originated from the Russian-speaking hacker underworld.
"[T]his attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem."
"We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world", Smith griped.
"All this code is doing is attempting to connect to the domain we registered; if the connection is not successful it ransoms the system, and if it is successful the malware exits", MalwareTech blogged.
Unfortunately, the halt to the outbreak is only temporary.
Whoever is behind the attack could update the ransomware and remove the kill switch, and any copy already inside a network where the registered domain cannot be reached will still detonate.
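The kill-switch logic MalwareTech describes above, and the reason registering the domain only buys time, can be shown in a few lines. The following is an added example written for this page, not code from WannaCry or from MalwareTech; the domain name is a hypothetical placeholder (the real one is not named on this page), the probe is injectable so the script runs offline, and the hosts table stands in for a defender's sinkhole.

```python
import socket
from typing import Callable, Dict

# Hypothetical placeholder for the unregistered domain found in the code.
# The real domain is not used here; ".invalid" can never resolve.
KILL_SWITCH_DOMAIN = "example-killswitch.invalid"

# A probe takes a domain and reports whether a connection succeeded.
Probe = Callable[[str], bool]


def direct_probe(domain: str, timeout: float = 3.0) -> bool:
    """Real-network counterpart: a direct TCP connect to port 80, ignoring
    any system proxy.  The malware's check was a live connection attempt,
    not just a DNS lookup, so DNS failure, a refused connection, a timeout
    and blocked egress all count as 'unsuccessful'."""
    try:
        with socket.create_connection((domain, 80), timeout=timeout):
            return True
    except OSError:
        return False


def should_detonate(probe: Probe, domain: str = KILL_SWITCH_DOMAIN) -> bool:
    """The decision as MalwareTech describes it: connection fails -> ransom
    the system; connection succeeds -> exit quietly."""
    return not probe(domain)


def should_detonate_no_kill_switch(probe: Probe,
                                   domain: str = KILL_SWITCH_DOMAIN) -> bool:
    """A variant with the check removed, the change the article warns about:
    the probe result no longer matters and the payload always runs."""
    return True


def sinkhole(hosts: Dict[str, str]) -> Probe:
    """Defender-side stand-in for registering the domain or pointing it at an
    internal sinkhole: any domain in the (constructed) hosts table connects
    successfully, so the malware takes the exit branch."""
    def probe(domain: str) -> bool:
        return domain in hosts
    return probe


def blocked_egress(domain: str) -> bool:
    """Network where direct outbound connections are dropped (proxy-only
    or air-gapped): the probe fails even though the domain is registered."""
    return False


if __name__ == "__main__":
    # Scenario 1: domain unregistered -> nothing answers -> payload runs.
    print("unregistered:", should_detonate(sinkhole({})))
    # Scenario 2: domain registered/sinkholed -> connection works -> exits.
    registered = sinkhole({KILL_SWITCH_DOMAIN: "192.0.2.1"})  # constructed
    print("sinkholed:  ", should_detonate(registered))
    # Scenario 3: registered, but this network blocks direct egress.
    print("no egress:  ", should_detonate(blocked_egress))
    # Scenario 4: attacker ships a build with the check removed.
    print("no switch:  ", should_detonate_no_kill_switch(registered))
```

Scenarios 3 and 4 are the caveats a defender needs: the original sample connected directly rather than through the system proxy, so on proxy-only networks the probe failed and the payload ran even after the domain was registered, and a rebuilt sample with the branch removed ignores the domain entirely. Registering the domain was a stopgap; applying MS17-010 and blocking inbound SMB from untrusted networks is the fix.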
So far only a few victims of the attack appear to have paid, judging by the publicly visible bitcoin wallet addresses that the ransom note instructs victims to pay into.