The WannaCry Ransomware

By Megan Arslanian, Halley Roberts, J. Welfer, Siqin Xie, Ben Chen

April 19, 2020

4 min read

History Of Ransomware

how-ransomware-works

The Cybersecurity and Infrastructure Security Agency (CISA) defines ransomware as "a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website."

The first documented example of ransomware was the 1989 AIDS Trojan. Joseph L. Popp, a Harvard Biologist sent infected diskettes to members of The World Health Organization, encrypting their files, demanding $189 dollars for them to be returned.

As time passed, the Internet grew and became more popular, and so did the idea of cyber crime. In the past 10 years, the idea of infecting computers for ransom has drastically increased. There are various forms of "ransomware", and many continue to grow and improve their techniques. There are two common forms of ransomware, locker or encryption. Crypto ransomware encrypts files so they are unable to be read. The type that locks you out of your computer is called locker ransomware.

What was WannaCry Ransomware

wana-decryptor

The WannaCry ransomware attack took place in May 2017. WannaCry Ransomware is a crypto-worm which specifically targeted Microsoft Windows users. This attack occurred worldwide and used Bitcoin as a way to pay ransom. An employee of Kryptos Logic, Marcus Hutchins, discovered a way to slow down the spread of the WannaCry ransomware. He discovered that the malware contained a URL to an unregistered website and that the malware would only be active if it checked that this URL was inactive. When Hutchins registered the URL for himself he was able to slow down the spread of WannaCry and allow for long term updates to stop WannaCry.

WannaCry Statistics

Total money stolen: $140,000

Reported to have infected more than 230,000 computers in over 150 countries

Each Ransom was placed at $300 worth of Bitcoin if the user paid within 3 days. The price went up to $600 within 7 days. The user's data was erased if they did not pay within a week.

How Did This Attack Occur

bitcoin

This was a crypto ransomware attack which spread automatically. WannaCry used a hack that took advantage of a weakness in the Microsoft Windows operating system, called EternalBlue. This was developed by the NSA but then it was leaked by a hacking group known as the Shadow Brokers. Microsoft informed it's users of the vulernability of EternalBlue, and sent out updates. However, the vulnerability exploited by EternalBlue, for the users that did not update their Microsoft account, were left open to attack.

The WannaCry ransomware infects the computer. The crypto-worm encrypted users data, basically jumbling it and making it unusable for the computer, and demanding payment for the data to be returned to the user. This ransom payment was asked to be paid through a cryptocurrency, Bitcoin.

"Cryptocurrency is such a powerful concept that it can almost overturn governments" - Charles Lee

Spread of WannaCry Ransomware: Worldwide Map

number-of-symantec-detections-for-wannacry-may-11-to-15

Future Preventative Measures

When using a Windows-powered PC, ensure all software is up to date.
Avoid suspicious emails, or unrecognizable links
Do not open any unexpected files
Avoid unknown USBs
Consider Installing internet security software
Never download attachments unless origin is known
Do not open any ads, especially unfamiliar ones

What If My Computer is Infected

Stop what you are doing and disconnect immediately. Contact an IT professional, as soon as possible. Although it may be tempting to just pay the ransom and have data returned, the FBI and Department of Justice suggest you don't. Sometimes paying the ransom will work, but sometimes it won’t. Also, the act of paying, is basically handing money over to cyber criminals.

Watch This Video For Further Information on Protection

2018/ 2019 Email Attacks

After the 2017 initial attack that effected thousands of computers across the world, there was an email scam that went around to hundreds of computer users. In the email, the scammer(s) claimed to be the original developers of WannaCry, and then asked for the victim to send .1BTC to the hackers bitcoin address, unless the victim wanted their computer data to be destroyed.