How a 22-Year-Old Security Analyst Stopped a Global Cyber Attack: WannaCry Ransomware

Over the last couple of days, you might have heard rumblings of a global cyber ransomware attack called WannaCry Decryptor.  (Note: The malware affected Windows computer users.)

How the Ransomware Malware Works

The short version: Once a computer is infected, the malware locks up the system by encrypting all the files. The attackers demand a ransom in exchange for a code to decrypt the files. The ransom demand varies, though many news sources have quoted a price tag of $300 and up. The ransom amount goes up if it is not paid promptly, with the threat that all files will be deleted.

The spread of the malware had been swift.  According to this source, the malware had hit some 100,000 computers and the “ransomware had been detected in 99 countries with Russia, Ukraine and Taiwan the top targets.”

If you are infected by the ransomware, you can refer to this resource. The general convention is that you do not pay the hackers.

  • There is no guarantee that they will unlock your files.
  • There is a lack of traceability, since the hackers demand payment in bitcoin (a cryptocurrency).
  • You do not want to pay a group that would use the funds to create other malware.  I have read accounts of users who have paid up because they were desperate for their data.

The malware was such a problem that it even impacted operations at NHS (National Health Service) hospitals, with the fear that medical records could potentially be compromised.

A 22-year-old security researcher stopped one instance of the malware

News has trickled out that a 22-year-old security researcher accidentally stopped the spread of this malware. He registered a domain based on the malware code and pointed it to a sinkhole (“a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them.”)

It’s a fascinating read, in his own words.

While this instance of the malware is contained, people are encouraged to install the latest Windows update.  It is widely expected that hackers will tweak the malware to try to continue its spread.

In Summary

I can’t even imagine the potential impact to flight operations if the malware had propagated through the IT systems at the airlines.

There is a lesson from this episode.  There are some things you can – and should – do if you own a Windows machine:

  • Install the latest Windows update to protect your computer.
  • Back up your files regularly so that you can recover your data.

If you haven’t done either recently, this malware should give you pause and the incentive to get it done.
Source: Travel Gadget Reviews
