by Pamela Williams
The update on the WannaCry ransomware attack is this: multiple security researchers have claimed that there are more samples of WannaCry out there, some with different ‘kill-switch’ domains and some without any kill-switch function, continuing to infect unpatched computers worldwide.
As you can see, you must get your patch now, or your computer will be next. If you are following the news, by now you might be aware that a security researcher has activated a “Kill Switch” which apparently stopped the WannaCry ransomware from spreading further.
But that is not true, and the threat is not over yet.
The kill switch has only slowed down the infection rate.
So far, over 237,000 computers across 99 countries around the world have been infected, and the infection is still rising even hours after the kill switch was triggered by the 22-year-old British security researcher behind the Twitter handle ‘MalwareTech.’
For those unaware, WannaCry is an insanely fast-spreading ransomware malware that leverages a Windows SMB exploit to remotely target a computer running on unpatched or unsupported versions of Windows.
We are in an extremely confusing environment right now. Many don’t know what to do, as they are desperate to access their computers. So far, the criminals behind the WannaCry ransomware have received nearly 100 payments from victims, totaling 15 Bitcoins, equal to USD $26,090.
Once infected, WannaCry also scans for other vulnerable computers connected to the same network, as well as random hosts on the wider Internet, to spread quickly.
The SMB exploit, currently being used by WannaCry, has been identified as EternalBlue, a collection of hacking tools allegedly created by the NSA and then subsequently dumped by a hacking group calling itself “The Shadow Brokers” over a month ago.
“If NSA had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” NSA whistleblower Edward Snowden says.
Matthieu Suiche, a security researcher, has confirmed that he has found a new WannaCry variant with a different domain for the kill-switch function, which he registered to redirect it to a sinkhole in an effort to slow down the infections.
You should know that the kill-switch would not prevent your unpatched PC from getting infected, in the following scenarios:
- If you receive WannaCry via an email, a malicious torrent, or other vectors (instead of SMB protocol).
- If by chance your ISP or antivirus or firewall blocks access to the sinkhole domain.
- If the targeted system requires a proxy to access the Internet, which is a common practice in the majority of corporate networks.
- If someone makes the sinkhole domain inaccessible for all, such as by using a large-scale DDoS attack.
MalwareTech also confirmed to THN that some “Mirai botnet skids tried to DDoS the [sinkhole] server for lulz,” in order to make it unavailable to the WannaCry SMB exploit, which triggers infection if the connection fails. But “it failed hardcore,” at least for now.
The following website will keep you up-to-date on what to do and what is coming next: thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html
MalwareTech also warned of the future threat, saying “It’s very important [for] everyone [to] understand that all they [the attackers] need to do is change some code and start again. Patch your systems now!”
“Informed NCSC, FBI, etc. I’ve done as much as I can do currently, it’s up to everyone to patch,” he added.
As we notified today, Microsoft took an unusual step to protect its customers with an unsupported version of Windows (including Windows XP, Vista, Windows 8, Server 2003 and 2008) by releasing security patches that fix the SMB flaw currently being exploited by the WannaCry ransomware.
Even after this, I believe many individuals remain unaware of the new patches, and many organizations, as well as embedded machines like ATMs and digital billboard displays, are still running older or unpatched versions of Windows. Those considering an operating system upgrade will need time, and new licenses are going to cost them money.
— The Hacker News (@TheHackersNews) May 13, 2017
So, users and organizations are strongly advised to install available Windows patches as soon as possible, and also consider disabling SMBv1 (follow these steps), to prevent similar future cyber attacks.
For God’s sake: Apply Patches. Microsoft has been very generous to you.
Almost all antivirus vendors have already added signatures to protect against this latest threat. Make sure you are using a good antivirus, and keep it always up-to-date.
Moreover, you can also follow some basic security practices I have listed to protect yourself from such malware threats.
I want to talk now about how the virus was created, who stole the virus, and how it was perpetuated against global society. In one of my last reports, I made the statement that “Wikileaks should never have leaked the NSA hacking tools.” Someone in the comment section basically called me a liar. I stand by what I said. I now believe that in doing this, Wikileaks has risked the security of the Internet; thus, possibly leading to the downfall of society. I DID NOT SAY WIKILEAKS was responsible for the actual WannaCry cyberattack. The following is a fact which reveals the role WIKILEAKS has played in this current cyber environment. I will explore this in depth.
The following occurred in August of 2016: www.nytimes.com/2016/08/17/us/shadow-brokers-leak-raises-alarming-question-was-the-nsa-hacked.html
Around the same time, WikiLeaks declared that it had a full set of the files — it did not say how it had obtained them — and would release them all in the future. The “Shadow Brokers” had said they would auction them off to the highest bidder.
Researcher Posts Hacking Tool Pulled From WikiLeaks CIA Release
A security researcher has identified what may be the first component of a CIA hacking tool released on the internet since WikiLeaks released nearly 9,000 CIA hacking documents on the web Tuesday.
The component, posted on the website of researcher Marc Maiffret, was apparently recovered from one of the released documents, said cyber security expert Andrew Komarov, chief intelligence officer of the security firm InfoArmor.
Komarov said the component could potentially be used to extract data from a victim online or for data delivery through covert channels, since its functionality is much more about stealth than aggression. Typically, such implants are used for long-term covert victim monitoring.
“It is professionally written,” said Komarov, “which may demonstrate a pretty serious level of malware development.” He said it looked like a component that could have been used in “malware distribution operations” by the CIA.
Komarov said he believed no other tools from the WikiLeaks release had yet been identified.
“This is an emerging pattern in 2017,” Smith wrote. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”
Smith wrote in a blog post Sunday that the attack is an excellent object lesson in why governments stockpiling such vulnerabilities is such a problem.
“This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” he said.
Nations need to see the attack as a wake-up call, said Smith.
“They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
The formula goes like this:
- NSA and the CIA created hacking tools.
- Someone steals these tools.
- These tools are leaked to WIKILEAKS.
- In addition, the stolen tools are used by hackers to attack the entire Internet.
- WIKILEAKS publishes classified and dangerous tools to the world in Vault 7.
- The tools are further spread and shared.
They do not yet know who actually used the leaked tools to perform the cyber attack of the WannaCry worm. I did not say WIKILEAKS hacked anyone, but they did publish stolen tools from the NSA to further wreak havoc in cyberspace. Were they acting in a legal manner when they did this? I see they are considered journalists, who have the freedom to publish. They do not have to provide their sources, which is a freedom that all journalists have.
Do I think WIKILEAKS are the hackers? Of course not. However, a journalist has the power to choose between right and wrong. In publishing Vault 7, did WIKILEAKS make the world a safer place? Did it enlighten the world?
NO, IT DID NOT MAKE THE WORLD A SAFER PLACE.
NO, IT DID NOT ENLIGHTEN THE WORLD.
The world already knew about the exploits of the NSA and the CIA. We knew we were spied on 24/7. Did it provide us with the power to stop these things?
NO, THE AVERAGE INTERNET USER is not more powerful than he or she was.
Has the condition of society improved since WIKILEAKS published Vault 7? Is humanity better off? In fact, I see no improvement in the world since this publishing. Am I coming from a moral standpoint at this time? Oh, yes, I am.
We do not need the evil of this world magnified and perpetuated!
As many of you see Julian Assange as a god, I do not. He is a publisher, and he does just that. Is he adding to the knowledge in this world? Yes, he is.
Knowledge freely given to a society unable to spiritually handle it will be used by the evildoers in this world. It will be used against society to invade and destroy by those who have access to it.
Knowledge leads to wisdom. Yes, it absolutely does.
What is wisdom in the mind of humanity? In a mind which is spiritually evolved, this wisdom, or keys to the kingdom, will be used to create stability and to help humanity. In a mind lacking spiritual integrity, wisdom will be used to destroy humanity.
We see that tools may be used to tear down or build up. In this instance stolen tools have been used to tear down and destroy. I am not looking forward to losing my Internet, my personal computer, nor my quality of life. Are you?