Ev­ery­thing you need to know about the Wan­naCry ran­somware at­tack

Metro USA (New York) - - News - KRISTIN TOUS­SAINT @kristin­dakota kristin.tous­saint@metro.us

By now, you’ve prob­a­bly read about Wan­naCry, the ran­somware re­spon­si­ble for cy­ber­at­tacks world­wide that might be or­ches­trated by hack­ers in North Korea.

But what ex­actly is it and who is at risk? We spoke with an ex­pert from a cy­ber­se­cu­rity com­pany: Jack Danahy, CTO of Barkly.

What is ran­somware?

“The most com­mon forms of ran­somware take ad­van­tage of a user ex­e­cut­ing a code or vis­it­ing a web­site, which will en­crypt a va­ri­ety of dif­fer­ent kinds of con­tent im­por­tant to that user,” Danahy said. “Hav­ing done that, it throws up a screen that says, ‘If you ever want to see this data again, send me money.’”

The data that is lit­er­ally be­ing held for ran­som can be any file from text doc­u­ments to photos. If you don’t pay by the des­ig­nated time — usu­ally in Bit­coin, which is an anony­mous cur­rency — the data is deleted.

Why is Wan­naCry so ef­fec­tive?

“What makes Wan­naCry dif­fer­ent and why it spreads so rapidly is that it takes ad­van­tage of a vul­ner­a­bil­ity in an ear­lier re­leased ver­sion of Mi­crosoft soft­ware,” Danahy said.

Wan­naCry uses an ex­ploit (a se­quence of com­mands that starts an at­tack) to take ad­van­tage of this vul­ner­a­ble soft­ware. The ex­ploit was re­leased about two months ago by a group called Shadow Bro­kers, who said that they took this tool from the Na­tional Se­cu­rity Agency.

Who is vul­ner­a­ble?

Any­one us­ing Win­dows is vul­ner­a­ble, ex­perts said — Ap­ple and Linux op­er­at­ing sys­tems are not af­fected. That means any­one, from your home com­puter to hos­pi­tals or any com­pany net­work.

Wan­naCry is slow­ing down, so is there still rea­son to worry?

In a word: Yes.

There could be more at­tacks to come, Danahy said. Re­mem­ber the ex­ploit that made Wan­naCry so per­va­sive to so many dif­fer­ent com­put­ers by tak­ing ad­van­tage in the soft­ware’s vul­ner­a­bil­ity?

“The peo­ple who re­leased these ex­ploits into the wild had gone silent for some time and just popped up again fol­low­ing Wan­naCry,” Danahy said. “We see that they’re now say­ing that they’re go­ing to be sell­ing new ex­ploits start­ing in June.”


Some of the Wan­naCry code is sim­i­lar to past North Korean hacks, some say.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.