Global Data Held Hostage Through Ransomware

Photo Credit: Intel Malware Tech
By TR Pakistan, Published: May 15, 2017

100,000 computers across nearly 100 countries infected over two days.

On Friday, May 12, a global ransomware attack was launched, infecting over 100,000 computers across nearly 100 countries in the course of two days. On Monday, a second surge of ransomware attacks got underway as people around the world began returning to work after the weekend.

According to The Financial Times, hackers used cyber weapons stolen from the US National Security Agency to strike organisations across the globe on Friday, from the United Kingdom’s National Health Service to European telecommunication company Telefónica and FedEx of the United States.

What is a ransomware attack?

According to Trend Micro, a leading computer security firm, “Ransomware is a type of malware which prevents or limits users from accessing the system, either by locking the system’s screen or by locking the user’s files unless a ransom is paid. More modern ransomware families, collectively categorised as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decrypt key.” This is precisely what the ongoing ransomware attack, known as Wanna Decryption or WannaCry, is demanding.

There are numerous ways by which ransomware can enter a system. The most common method is getting a user to click on a malicious link, also known as phishing. It can also be downloaded through infected file attachments or by visiting a website that is malicious in nature or has already been compromised. So far, it seems that WannaCry was delivered through links in phishing emails.

The ransomware affects systems that have not applied the latest Windows patches. Microsoft claims that it released a Windows update in March to tackle the problem involved in the latest attack, but many users had yet to run it. Once a system has been taken over by WannaCry or other ransomware, there are only two ways to recover the system: by paying the ransom or by recovering data from an offline backup.

Senior cyber security analysts say that Eternal Blue, a tool developed for spying in the United States, was used by hackers to magnify an already existing form of criminal malware, which has become one of the fastest-spreading (up to 400 infections per minute) and potentially the most damaging cyber attacks to date.

However, a 22-year-old researcher known as MalwareTech was able to stop the attacks, which were spreading from a specific unregistered domain being used by the attackers, by buying the domain and registering it. This could only stop one version of the malware, though, and according to cyber security officials, new variants of WannaCry are now live.

As things stand, companies across the world are hurrying to install the necessary patches to ensure that their systems are not infected by the malware. While there have been no official reports of the malware being detected in Pakistan, a map released by a cyber security Twitter handle shows that the malware may have landed in the country.

Photo Credits: Malware Hunter Team