WannaCry explained: What is WannaCry ransomware and how does it work?

Angelica Greene
May 19, 2017

"There are plenty of reasons people wait to patch and none of them are good", said Mador, a former long-time security researcher for Microsoft. The attack, which is still unfolding, is now a fight between whitehat hackers, companies like Microsoft and the criminals attempting to run the world's biggest extortion scheme. However the department's data and computer network remained intact as they work on Linux and Ubuntu operating systems. It spreads on its own like a real virus. Hackers made use of a vulnerability that existed in Microsoft Windows.

A security expert in England has been hailed as an "accidental hero" for quashing the spread of the initial version of the ransomware late Friday.

Those hit by WannaCry also failed to heed warnings previous year from Microsoft to disable a file sharing feature in Windows known as SMB, which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.

Microsoft also issued a security patch for older Windows operating systems that are no longer supported: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86 and Windows 8 x64 directly from Microsoft.

Users of older software, such as Windows XP, had to pay hefty fees for technical support, it added. "I would expect NHS trusts to learn from this and to make sure that they do upgrade". The code for the vulnerability was leaked online by a hacking group, known as Shadow Brokers, in April, making its exploitation nearly inevitable.

Microsoft declined to comment for this story.

In the wake of the massive cybersecurity attack, Microsoft issued a statement regarding the WannaCry ransomware and how everyone needs to come together to be able to prevent such incidents from happening again.

Republicans starting to turn as committee asks to see Comey documents
President Trump adamantly denied that he asked then-FBI Director James Comey to stop investigating his close ally on Thursday. A few days later, Flynn had a breakfast meeting with the Turkish foreign minister, who went on to attend the inauguration.

Tehran mayor quits race for Iran presidency
Raisi called Qalibaf's withdrawal "revolutionary", the conservative news agency Tasnim reported the cleric as saying on Monday. My guess is that Abrams' desire for Rouhani to lose is at least partly related to a desire to see the nuclear deal collapse.

WannaCry ransomware cyber-attack is a 'wake-up call', says Microsoft
But that patch came two months after it issued similar ones that fixed the same flaw in more recent versions of Windows. Smith then likened the severity of the scenario to the "U.S. military having some of its Tomahawk missiles stolen".

Last month, a group known as the Shadow Brokers leaked hacking tools allegedly used by the National Security Agency to hack into computers powered by Microsoft's Windows.

Hackers have since updated the ransomware, this time without the kill switch.

The 22-year-old cyber security researcher who tweets as [email protected]', stumbled upon a kill switch in the code of the ransomware that struck NHS hospitals across the United Kingdom on Friday.

State media in China reported that hundreds of thousands of devices there were infected. For your system to become infected, you'll have to click on or downloading the attachment or file, which causes the program to run and infect your computer with ransomware. The company is crunching data to arrive at a firmer estimate it aims to release later Thursday. Bossert said U.S. officials had not ruled out "state action" it appeared to be criminal, given the ransom requests. Matthieu Suiche, a security researcher, was able to find two new variants of WannaCry. The result: "Users unlikely to get files restored", the company's Security Response team tweeted. Software experts said that the group's dump of N.S.A. tools in April included additional exploits that are "wormable" - meaning they could spread rapidly, like the ransomware attack - and that it might well have more N.S.A. malware it has not yet released.

MPs and peers have been urged not to access personal email on their parliamentary computer systems as the WannaCry ransomware continues to spread.

Not everyone has taken ransomware seriously enough, and that includes organizations and users that need to defend against ransomware; companies that develop the software platforms and can create better protections against ransomware; and governments, which prefer to hoard vulnerabilities instead of aiding firms in fixing the flaws in their software.

WannaCry landed nine weeks after Microsoft's patch arrived.

Other reports by GizPress

Discuss This Article