WannaCry Ransomware Cyber Attack uses leaked NSA Windows Exploits

WannaCry Ransomware Popup

Probably the most massive cyber attack to date, carried out with ransomware (malware that demands a ransom) called “WannaCry”, is reported to have used an NSA Windows exploit that was leaked earlier.

The massive attack hit computers mainly at hospitals, private and public organisations, and companies across the globe. According to reports, organisations in almost 100 countries have been affected.

The “WannaCry” ransomware is also referred to by various other names around the globe, including “Wana Decrypt0r”, “WannaCryptor” and “WCRY”. Like other ransomware, WannaCry blocks access to the documents and files on your computer once it has taken hold of the machine. It then demands payment to unlock your files and content.

Victims whose computers are infected by WannaCry are shown a red alert popup. The red popup, as shown above, asks them to pay up to $300 if they want to regain access to their files and documents and remove the malware from their computer.

How Did the WannaCry Ransomware Spread?

That is a big question; after all, the root cause of something bad has to be identified before it can be fixed. In this case, the root is being identified as one of the leaked exploits from the US National Security Agency (NSA).

It is reported to be a Windows exploit from the NSA's hacking tools, which were themselves stolen by the Shadow Brokers and leaked earlier last month. The specific tool in question is called EternalBlue, one of the hacking tools reported to have been used by the NSA for hacking into the SWIFT banking network. This is in line with the information leaked a few months ago by WikiLeaks.

However, the vulnerability in Windows operating systems (Windows XP to Windows 2012) that the exploit targets was reported as already fixed at the time the leaks happened. Microsoft issued a statement last month following the leaks.

The Outbreak Hit Thousands of Organisations Globally

Shockingly, in just a few hours, the WannaCry ransomware hit over 45,000 computers in 74 countries, according to Kaspersky Lab, including the United States, Russia, Germany, Turkey, Italy, the Philippines and Vietnam. Kaspersky also noted that the numbers were going to increase fast. The count then rose to 99 countries, according to The Guardian. In fact, we exclusively reported earlier about the outbreak hitting Shaukat Khanum Memorial Cancer Hospital in Pakistan.

So how could the recent outbreak reach hundreds of countries and thousands of organisations worldwide? Most probably, the systems in use were not up to date with the most recent Windows patches Microsoft had issued.

WannaCry Ransomware Map

How to Protect Yourself from Being Infected with This Malware?

1 – The most important thing is to update your machine immediately. To protect your computers from these hacking tools in particular, visit Microsoft and see which vulnerabilities you need to have fixed. EternalBlue is listed with the exploit reference in security bulletin MS17-010.

2 – Never click a link that you are not sure of. Links embedded in documents whose source you don’t know are prone to lead you to malware.

3 – Back up your important data frequently to avoid any loss.

4 – Use credible anti-virus and anti-malware software on your computers.

Can You Remove the Malware from the Computer Once It’s Infected?

Technically, as per the claim, the WannaCry ransomware encrypts files, databases, documents, photos and videos before asking you for the ransom money. That means removing Windows and reinstalling it, or running anti-malware software to disinfect the computer, won’t help.

Encrypted data can only be unlocked or decrypted with the same algorithm and the secure key that was used for encryption. The better option is to shut down the computer immediately and wait for a fix.

It is better to stay protected before you get infected.