Today the world is scarred with news of cyber security breaches in a massive scale. The so-called guardians of cyber world are proved failure every moment a system or a whole organisation is compromised. The cat-and-mouse chase between the cyber security providers and the hackers has been going on for years and embarrassingly the hackers outrun the protectors every time (Sales, 2012). The objective of the report is to focus on this situation by analysing the ransomware attack incident on May 2017 that has rocked the cyber world vigorously.
A Brief Overview on the Ransomware
The ransomware that is christened as WANNACRY is nothing but a glitch of Windows’ Server Message Block (SMB) protocol that goes by the name of Eternal Blue. The issue was first detected by the United States National Security Agency (NSA). However, instead of informing Microsoft Corporation regarding the glitch, the agency retained the glitch and modified it in their labs for using for their own offensive operations against their enemies. A group of hackers who are claiming themselves by the name Shadow Brokers managed to liberate the glitch from NSA and unleashed it on the world on May 12, 2017 (Mohurle & Patil, 2017).
Method of the Attack
The ransomware can affect those systems that are running any supported or unsupported version of Windows operating system. The ransomware enters the targeted system by exploiting the SMB protocol’s glitch and encrypts all the essential file systems inside the device. The computer becomes useless unless the files are decrypted (Shackelford, 2017). In such situation, the user cannot perform any operation on the computer. The victim is only able to view a dialogue box that is displayed on the screen of the computer through which the hackers demand ransom in the form of bit-coin crypto currency against providing the decryption key of the encrypted files. The victim can either ignore the message in which case, the computer is permanently rendered useless or can pay up the desired ransom, however, there is no guarantee that even after payment is done the hackers will keep their bargain (Shackelford, 2017).
WannaCry affected approximately 230,000 computers spread over 150 separate countries within one day. Among the most affected organizations were the National Health Service (NHS) of United Kingdom, FedEx, Telefonica and Deutsche Bahn of Spain. Many personal computers were also affected throughout the world (Collier, 2017).
Steps Taken to Fight the Crisis
Microsoft Corporation responded almost immediately by releasing patch updates for all the supported as well as unsupported version of Windows operating system that has removed the eternal blue glitch from the operating system and requested to the Windows users worldwide to apply the patch as soon as possible (Gandhi, 2017). The security software providers like AVG, Norton, McAfee and such released updates of their respective anti-virus software that helped to fight the ransomware as well. Never the less, Marcus Hutchins, a North Devon security researcher of England found a cure to the ransomware within a short time of the attack. However, the remedy only succeeded to stall the attack for a while. Updated versions of the infection were soon developed and released by the hackers that could not be affected by the cure conjured by the 22 year old researcher (Gandhi, 2017).
The effect of WannaCry on the world proves the poor security infrastructure that is still being maintained throughout. Considerable improvement in security software as well as steadfast vigilance is required to fight this growing rate of cyber crime.
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Gandhi, K. A. (2017). Survey on Ransomware: A New Era of Cyber Attack. International Journal of Computer Applications, 168(3).
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).
Sales, N. A. (2012). Regulating cyber-security.
Shackelford, S. (2017). Exploring the ‘Shared Responsibility’of Cyber Peace: Should Cybersecurity Be a Human Right?