QUOTE OF THE DAY

“Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact”

~ James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology

WANNACRY RANSOMWARE HAS POSSIBLE LINKS WITH NORTH KOREA

THE STORY

South Korean Cybersecurity expert says there’s ‘circumstantial evidence’ to prove North Korea was behind the massive attack that infected about 300,000 Systems across 150 nations.

THAT’S HARDLY A REASON TO BE SURPRISED!

You’d have to agree with us on this. It’s expected from a country that threatens a nuke attack because a movie paints a not so nice picture of its leader and his men! Oh, and I can’t believe I was watching The Interview yesterday! Too much of a co-incidence or what?

LET’S GET TO THE POINT NOW…

Earlier today, a South Korean cybersecurity specialist there is ‘more’ circumstantial proof that links the attacks to North Korea. The proof turns out to be the way in which hostage computers/systems and servers have been hacked. Apparently, the attack pattern is similar to previous cyberattacks attributed to North Korea perpetrated on South Korea.

Simon Choi, the specialist, has been analyzing North Korean malware since 2008. He is a director at anti-virus software company Hauri Inc. and is also involved with advising the government on cyberattacks. Cho says North Korea is no stranger to the world of bitcoins and has been mining the digital currency using malicious computer programs since as early as 2013.

NORTH KOREA IS TRAINING CYBER WARRIORS IN SCHOOLS!

Allegedly, the mysterious nation is actively teaching school kids the art of hacking which obviously cannot be a noble cause. If indeed the country is behind the current attacks, then it is perhaps time to stop looking at it with mere suspicion and analyze the extent to which it can wreak havoc across the globe with the Internet. Let alone nuclear weapons!

WHAT DO OTHER NATIONS THINK ABOUT THE ATTACK?

On Monday, LA Times had reported that the WannaCry Ransomware shares codes with the infamous Sony hack of 2014 which was purportedly done by North Korea. Evidence is far from conclusive to pin the blame on the Kim Jong-un led nation. However, researchers at both Symantec and Kaspersky Lab have found similarities between WannaCry and previous attacks blamed on North Korea.

Investigators have found code(s) similar to that used by the ‘Lazarus Group’, a cryptic hacking network implicated in the Sony attack. Referring to an analysis of a few lines of duplicated code found in an earlier version of the WannaCry virus, Moscow-based cybersecurity firm Kaspersky Labs said, “we believe this might hold the key to solve some of the mysteries around this attack.”

American software security firm Symantec said it had identified “the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry.”

HOW FAR REACHING IS THE WANNACRY VIRUS?

Wannacry has not spared anybody. Government, hospitals, universities, enterprises are grappling with the impact. Among countries, Russia was the worst hit in terms of number of attacks. More specifically, WannaCry targeted the German railways, Chinese Universities, South Korean cinemas, Indian state police, companies in Japan, hospitals in Indonesia, Ireland and UK, Spanish telecoms, automobile giant Renault in France, logistics firm Fedex and SMEs in Australia. It’s kinda all pervasive. And if you are still safe, don’t forget to back up all your data and update your antivirus. Because, the WannaCry crisis is not quite over yet.

YOUNG TECHIE STOPS WANNACRY RAMPAGE

THE STORY

22-year-old works from his bedroom to bring the attacks to a screeching halt!

WHO’S THIS GUY NOW?

Marcus Hutchins works for Los Angeles-based Kryptos Logic. Residing in an idyllic English seaside town, the cybersecurity enthusiast figured out a ‘kill switch’ during the initial stages of the attack on Friday. This in turn slowed down the Wannacry rampage considerably, particularly in the United States. Hutchins spent the next three days trying to contain the attack further.

WHAT IS A KILL SWITCH?

In tech terms, a ‘kill switch’ is a mechanism that shuts down a system during emergency situations. In WannaCry’s case, it was somewhat of a stroke of good luck for Hutchins (who a few hours ago was only known as Malware Tech). But then as the saying goes ‘Fortune favors the brave (in this case, the curious).

While reverse engineering samples of WannaCry on Friday, he realized the ‘ransomware’s programmers had built it to check whether a certain gibberish URL led to a live web page. Curious why the ransomware would look for that domain, he registered himself for a measly $10.69. Luckily for him, that was enough to shut the whole thing down for some time, at least. As long as the domain was unregistered and inactive, the query had no effect on the ransomware’s spread. But once the ransomware checked the URL and found it active, it shut down.

DON’T RELAX. IT’S A TEMPORARY FIX…

For systems that has already been infected, the kill switch won’t help. Also, it only works by registering the domain, and then directing the traffic to it into a server environment meant to capture and hold malicious traffic—known as a “sinkhole”. Hutchins bought time for systems that hadn’t already been infected to be patched for long-term protection, particularly in the United States where WannaCry was slower to proliferate. (As reported in WIRED)

It’s best to backup files and implement antivirus updates and stay away from the Internet, if possible.

MICROSOFT DID ITS BIT TOO

In a rare move, Microsoft released an emergency security update for Windows XP users after the Wannacry outbreak on Friday. Considering, there has been no official support for XP users since 2014, the latest release gave many aging systems the option to protect themselves against the attack. In addition, Microsoft also released specific Wannacry (also known as Wanna Crypt) related security measures.