vurchristmas.blogg.se

Autoruns malware analysis

WannaCry, sometimes also called WCry or WanaCryptor, is ransomware, meaning that it encrypts its victims' files and demands a payment to restore the stolen information, usually in bitcoin, with ransom amounts ranging from $300 to $600 equivalents. The virus can be described as ransomware like Dharma or Ryuk but with worm functionality, since it is capable of spreading itself within infected networks using the EternalBlue exploit. Additionally, the virus uses the DoublePulsar exploit to upload and execute a copy of itself on a new machine. Once WannaCry makes its way into a target computer, it begins its malicious activity by checking for a hardcoded kill switch domain - either fferfsodp9ifjaposdfjhgosurijfaewrwergwea.com or iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. If one is found, the malware stops execution. However, if a kill switch domain isn't found, the ransomware encrypts files on the machine, after which an attempt to exploit the SMB vulnerability takes place. This is done in an effort to spread the virus to other random PCs and to all those connected to the local network. After encryption is completed, a ransom note is displayed to the user and the attackers demand $300 to be paid within a 3-day timespan.

If the victim resists, the ransom amount rises to $600, to be paid within 7 days. The payments are directed to multiple hardcoded bitcoin addresses. As is typical for a cryptocurrency, anybody can check the balances and transaction history, but the true owner of such a wallet cannot be traced. The first time WannaCry was seen in the wild was as part of a devastating worldwide attack that took place in May 2017. The attack utilized the EternalBlue exploit, which was believed to have been developed by the American NSA and leaked by a cybergang known under the alias "The Shadow Brokers". By some broad estimates, over 200,000 computers worldwide were infected by WannaCry within the few days that the attack was ongoing. The exploit leveraged a vulnerability in Windows operating systems, and while a patch fixing the issue was released quickly by the company, many individuals and organizations who didn't promptly update their computers became victims of this attack. A fix for the EternalBlue exploit, along with the discovery of the "kill switch" that allowed the malware's execution to be stopped, were the two main contributions that helped slow down this malicious campaign.
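As an added example that is not part of this page, the following Python script searches constructed DNS resolver log lines for lookups of the two kill switch domains named above and separates hosts whose lookup resolved (where the sample should have stopped) from hosts whose lookup failed (where encryption and SMB spreading would have followed). The "timestamp client query qname rcode" log format is an assumption made for the example.

```python
import re
from collections import defaultdict

# Kill-switch domains as the page above gives them (the second spelling is copied as-is).
KILL_SWITCH_DOMAINS = {
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "fferfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
}

# Constructed sample resolver log, format "<timestamp> <client-ip> query <qname> <rcode>".
# The format is an assumption for this example, not any particular product's log layout.
SAMPLE_DNS_LOG = """\
2017-05-12T10:01:03Z 10.0.0.5 query www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
2017-05-12T10:01:04Z 10.0.0.7 query update.example.org NOERROR
2017-05-12T10:02:10Z 10.0.0.9 query IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. NXDOMAIN
2017-05-12T10:02:11Z 10.0.0.9 query fferfsodp9ifjaposdfjhgosurijfaewrwergwea.com SERVFAIL
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+query\s+(?P<qname>\S+)\s+(?P<rcode>[A-Z]+)$"
)

def normalize_qname(qname):
    """Lower-case, drop a trailing root dot, and strip a leading 'www.' label."""
    name = qname.rstrip(".").lower()
    return name[4:] if name.startswith("www.") else name

def find_kill_switch_lookups(log_text):
    """Return {client_ip: [(timestamp, domain, rcode), ...]} for kill-switch queries."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        domain = normalize_qname(m["qname"])
        if domain in KILL_SWITCH_DOMAINS:
            hits[m["client"]].append((m["ts"], domain, m["rcode"]))
    return dict(hits)

def triage(hits):
    """Sort clients by whether any kill-switch lookup resolved (NOERROR).
    A failed lookup is the case in which encryption and SMB spreading follow."""
    resolved, unresolved = set(), set()
    for client, lookups in hits.items():
        bucket = resolved if any(r == "NOERROR" for _, _, r in lookups) else unresolved
        bucket.add(client)
    return {"resolved": sorted(resolved), "unresolved": sorted(unresolved)}
```

Hosts in the "unresolved" bucket deserve the first look, since a blocked or failed kill switch lookup is exactly the condition under which the sample proceeds to encrypt.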