Cyber Attacks – WannaCry Attacks
The WannaCry cyber attack took place on 12th May infecting over 230,000 computers all over the world. The cyber attack was intended to attack all Windows operating system by making through their data and demanding ransom payments to unlock the data. The shadow Brokers put this plan into action a few months before the actual attack through EternalBlue.
The WannaCry ransom ware is considered to be a network worm as it has the ability to spread itself. The cyber attack itself originated from Asia and the first attack was through a high risk SMB port rather than gathering information from emails as initially presumed. Within 24 hours the code attacked more than 230,000 countries effecting over 150 countries.
Earlier in March Microsoft had detected certain vulnerabilities in their system. To fix this vulnerability a security update was created. However quite a few organizations had not administered this security update. These organizations were the ones that were affected by the WannaCry attack as they were at a high risk since they made no security upgrade.
A research showed that 98% of the computers that were affected by the cyber attack were the ones that were being run by Windows 7. The four countries that were affected the most by the WannaCry cyber attacks were; Russia, India, Taiwan and Ukraine. The National Health Service hospitals in Scotland and England were the largest institutes affected by the cyber attack in which 70,000 devices were also affected.
A cyber security researcher, Surfer Marcus Hutchins, who worked with the UK’s National Cyber Security Centre, researched the cyber attack and its malware and found a “kill switch.” After some time all over the world, researchers worked together to create an open source tool that helped with the decryption without paying the ransom amount under some conditions.
By the time the kill switch was developed, the WannaCry cyber attack had already affected the National Health Service, banks, schools and factories and demanded $300 in bitcoin currency to decrypt the data from the infected computers. Some organizations also had to pay double the amount and they had only 24 hours to do so. Even with the payment being made, the information was not decrypted. The Shadow Brokers were behind the attack and offered to give secret NSA software information every month in return for ZCash.
After careful research, the United States of America stated that North Korea was to be blamed for the WannaCry cyber attack. The White House homeland security advisor said that this accusation was made with evidence that proved that North Korea was behind the attack. Major organizations such as Microsoft and Facebook worked together to disable to accounts in North Korea that were used for this cyber attack.
In October, the United Kingdom’s government also blamed North Korea for the cyber attack; however Kim Jong Un denied any involvement in the attack. Along with USA and UK, Australia, Canada and Japan also blamed Pyongyang for the cyber attack. Lastly, over the years, North Korea has been seen to break into computer systems all over the world for their own financial benefits.
References
Cyber-attack: U.S and UK blame North Korea for WannaCry. (2017, December 19). BBC NEWS. Retrieved from http://www.bbc.com/news/world-us-canada-42407488
Sharp, A., Tweed, D & Olorunnipa, T.(2017, December 19). U.S. Says North Korea Was Behind WannaCry Cyberattack. Bloomberg Businesweek.
Retrieved from https://www.bloomberg.com/news/articles/2017-12-19/u-s-blames-north-korea-for-cowardly-wannacry-cyberattack
Harley, N.(2017, October 12). North Korea behind WannaCry attack which crippled the NHS after stealing US cyber weapons, Microsoft chief claims. The Telegraph. Retrieved from https://www.telegraph.co.uk/news/2017/10/14/north-korea-behind-wannacry-attack-crippled-nhs-stealing-us/
