Massive ‘Ransomware’ attack hits 99 countries around the world

The news

A massive ‘ransomware’ attack has hit 99 countries around the world.

Unknown hackers have launched ‘ransomware’ attacks, which encrypt files and demand a Bitcoin (a form of virtual currency) payment to regain access.

This ransomware is known as ‘WannaCry’.

This large-scale cyberattack has spread across 99 countries, including the UK, US, China, Russia, Spain, Italy and India. The cyberattack has affected the IT systems of banks, telephone companies and hospitals.

What is ransomware and how does it operate?

The present ‘ransomware’ encrypts files and demands a Bitcoin (a form of virtual currency) payment to regain access.

It spreads as attachments to emails, hidden in documents, PDFs, spreadsheets, etc.

It also seems to have spread via a computer virus known as a worm. Unlike many other malicious programs, this one has the ability to move around a network by itself.

The hackers have likely made this a self-spreading malware. It is based on a piece of NSA code known as “Eternal Blue”.

‘WannaCry’ exploits a vulnerability on old Microsoft computers that was first discovered by the National Security Agency. Microsoft even released a patch for it, known as MS17-010, in March. But on machines that have not been updated, the malicious code encrypts all of an infected computer’s files and then spreads on its own.

Extent of damage

Cyber-security firm Avast said it had seen at least 75,000 computers infected by the malware.

The government agencies and companies affected include the UK’s National Health Service, FedEx, Spain’s communications giant Telefonica and the Russian Interior Ministry.

The U.K. is one of the worst affected countries. In the U.K., the cyberattack has affected at least 16 organizations within the state-run National Health Service.

No major instance of the vulnerability being exploited in India has come to light yet.

Important sources of cyber threats

There are a variety of sources of cyber threats, including:

  1. Bot-network operators — Botnet operators use a network, or botnet, of compromised, remotely controlled systems to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available on underground markets (e.g., purchasing a denial of service attack or servers to relay spam or phishing attacks).
  2. Business competitors — Companies that compete against or do business with a target company may seek to obtain sensitive information to improve their competitive advantage in various areas, such as pricing, manufacturing, product development, and contracting.
  3. Criminal groups — Criminal groups seek to attack systems for monetary gain. Specifically, organized criminal groups use spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and criminal organizations also pose a threat through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.
  4. Foreign nation states — Foreign intelligence services use cyber tools as part of their information gathering and espionage activities. Also, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power. A growing array of state and non-state adversaries are increasingly targeting — for exploitation and potentially disruption or destruction — information infrastructure, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.
  5. Hackers — Hackers break into networks for the thrill of the challenge, bragging rights in the hacker community, revenge, stalking others, and monetary gain, among other reasons. While gaining unauthorized access once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites.
  6. Hacktivists — Those who make politically motivated attacks on publicly accessible web pages or e-mail servers. These groups and individuals overload e-mail servers and hack into websites to send a political message.
  7. Insiders — The disgruntled insider, working from within an organization, is a principal source of computer crimes. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a victim system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat also includes contractor personnel.
  8. International corporate spies — International corporate spies pose a threat through their ability to conduct economic and industrial espionage and large-scale monetary theft and to hire or develop hacker talent.
  9. Phishers — Individuals, or small groups, execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware/malware to accomplish their objectives.
  10. Spammers — Individuals or organizations distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware/malware, or attack organizations (i.e., denial of service attack).
  11. Spyware/malware authors — Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa virus, the Explore.Zip worm, the CIH (Chernobyl) virus, Nimda worm, Code Red, Slammer worm, and Blaster worm.
  12. Terrorists — Terrorists seek to destroy, incapacitate, or exploit critical infrastructures to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence. However, traditional terrorist adversaries of India are less developed in their computer network capabilities than other adversaries. Terrorists are likely to pose a limited cyber threat.