It’s highly likely that you have heard about the global cyberattack that occurred on the 12th May 2017. In this blog I will attempt to explain what WannaCry, also known as WannaCrypt0r 2.0 (the malware used in the attack), is and what it does.
So what is WannaCry? WannaCry is a malware tool that was released on the 12th May and has currently infected thousands of computers in 99 countries across the globe. But what does it do? Well, it is ransomware, which means that it encrypts the data on a computer and demands a payment from the user to decrypt the data.
WannaCry spreads like a “worm”, which means that once it is on a network it spreads by itself and does not need any human assistance. WannaCry was spread via email. This is why it has been able to spread so quickly, crippling many organisations around the world, like the British National Health Service (NHS) and Telefónica in Spain.
It is believed that WannaCry uses the “EternalBlue” exploit, which was supposedly developed by the USA’s National Security Agency (NSA) to attack computers running the Windows operating system. The EternalBlue exploit was released onto the internet by the hacker group The Shadow Brokers on the 14th April 2017.
Microsoft released a patch for the exploit a month before, on the 14th of March 2017. However, because many companies did not update, and because the patch did not apply to older versions of the operating system such as Windows XP (which much of the NHS still uses), the malware was able to spread.
A UK cyber security researcher who goes by the Twitter handle @MalwareTechBlog found the kill switch for WannaCry, which was hardcoded into the malware. The kill switch was a long domain that, when live, would stop the spread of WannaCry. Before spreading, the malware would check if the domain was live and, if it was, it would not spread. This has not fixed the problem for people who already have the ransomware, but it has drastically slowed its spread.
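Because the malware looks up the kill-switch domain before spreading, resolver logs show which internal hosts ran it. The triage below is an added example, not code from this post or from @MalwareTechBlog; the domain is a placeholder (the post does not name it), and the log format and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Placeholder: the post does not give the kill-switch domain, so a reserved
# .invalid name stands in for it here.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.invalid"

# Constructed sample lines in an assumed resolver log format:
#   <timestamp> client=<ip> query=<name> rcode=<NOERROR|NXDOMAIN|SERVFAIL>
SAMPLE_LOG = """\
2017-05-13T09:14:02Z client=10.0.4.17 query=www.example.com rcode=NOERROR
2017-05-13T09:14:05Z client=10.0.4.17 query=killswitch-placeholder.invalid rcode=NOERROR
2017-05-13T09:15:40Z client=10.0.7.33 query=KillSwitch-Placeholder.invalid. rcode=NXDOMAIN
2017-05-13T09:15:41Z client=10.0.7.33 query=killswitch-placeholder.invalid rcode=NOERROR
2017-05-13T09:16:10Z client=10.0.9.2 query=killswitch-placeholder.invalid rcode=SERVFAIL
2017-05-13T09:16:12Z client=10.0.9.8 query=notkillswitch-placeholder.invalid rcode=NOERROR
malformed line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) rcode=(\S+)$")


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: "resolved" | "failed"} for hosts that queried the domain.

    Any host listed has probably run the malware. "failed" means at least one
    lookup did not resolve, so the kill switch may not have triggered there:
    treat those hosts as the highest priority for isolation.
    """
    wanted = domain.lower().rstrip(".")
    results = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _, client, query, rcode = m.groups()
        # DNS names are case-insensitive and may carry a trailing root dot.
        if query.lower().rstrip(".") != wanted:
            continue
        results[client].add(rcode.upper())
    return {
        client: "resolved" if rcodes == {"NOERROR"} else "failed"
        for client, rcodes in results.items()
    }


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}\t{status}")
```

Blocking or black-holing the kill-switch domain at the resolver would push every querying host into the "failed" group, so the domain should be left resolvable.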
It is now highly important that people install the Microsoft update, as another malicious hacker can simply change a small bit of code, which will allow them to easily launch another cyberattack.
To read more about how @MalwareTechBlog helped prevent WannaCry spreading further, you can read his blog here: www.malwaretech.com