Welcome to the era of online ransom! How would you react if your PC suddenly showed a message: transfer some money, or all the files on your PC will be deleted? You would probably say, “Who the hell are you?” Yet this is what is happening, and these are the biggest attacks that the internet world has witnessed recently.
Earlier, people used to be kidnapped; today your files are kidnapped. The attackers literally threaten to delete the files on your personal computer unless you pay them a ransom. And the funny part is that no antivirus or antimalware can stop this exploit for now.
This was the first one to capture everyone’s attention. If your system gets infected with WannaCry, it encrypts your files and you won’t be able to use them. If you want your files back, they give you the very generous option of decrypting them, but for that you have to pay them $300 to $600.
But wait a second, there is more. If your system is part of an IT organisation, the infection is likely to spread quickly to all the connected systems. For that, the attackers used EternalBlue.
Let’s now find out what EternalBlue is and why it is related to this story.
It is a security exploit discovered by the U.S. National Security Agency in Microsoft’s implementation of the Server Message Block (SMB) protocol. SMB is mainly used for providing shared access to files, printers and serial ports, and for miscellaneous communications between nodes on a network. What was wrong with SMB? The first version of the SMB server accepts specially crafted packets from a remote attacker, which allows the attacker to execute code of their choice on the target computers, and that little glitch is more than enough to breach online security.
But unluckily it was leaked by a hacker group named the Shadow Brokers. Things got worse when the WannaCry and Petya (discussed later) ransom attacks used this exploit and created fear for every internet user. Given the severity of the problem, Microsoft released security patches covering the EternalBlue exploit for all Windows versions, even for the unsupported Windows XP.
But sometimes we are lazy and ignore these security updates, considering them useless. You will be glad to know that only systems that were not updated with the security patches are affected. That means if your system is updated, there is no need to worry for now.
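A defender's check on the SMB point above, as an added example that is not from the original post: it classifies captured TCP port 445 payloads by their SMB protocol identifier so that hosts still holding SMB version 1 sessions can be found and upgraded. The addresses and frames are constructed sample data, and the function names are this example's own.

```python
SMB1_MAGIC = b"\xffSMB"      # protocol identifier of SMB version 1
SMB2_MAGIC = b"\xfeSMB"      # protocol identifier of SMB 2.x and 3.x
SMB1_COM_NEGOTIATE = 0x72    # SMB1 command code for "negotiate"


def classify_smb_frame(payload: bytes) -> str:
    """Classify one TCP/445 payload: 'smb1', 'smb1-negotiate', 'smb2+' or 'other'."""
    # Direct-TCP SMB starts with a zero byte and a 3-byte length, then the SMB header.
    if len(payload) < 9 or payload[0] != 0:
        return "other"
    magic = payload[4:8]
    if magic == SMB2_MAGIC:
        return "smb2+"
    if magic == SMB1_MAGIC:
        # The command code is the byte right after the 4-byte identifier.
        if payload[8] == SMB1_COM_NEGOTIATE:
            return "smb1-negotiate"
        return "smb1"
    return "other"


def confirmed_smb1_clients(flows):
    """Return the sorted client addresses that sent a non-negotiate SMB1 frame.

    A client that also supports SMB2 may open with an SMB1-format negotiate,
    so a negotiate alone is not counted as proof of an SMB version 1 session.
    """
    return sorted({src for src, payload in flows
                   if classify_smb_frame(payload) == "smb1"})


def _frame(body: bytes) -> bytes:
    """Wrap an SMB message in the 4-byte direct-TCP transport header."""
    return b"\x00" + len(body).to_bytes(3, "big") + body


# Constructed sample capture: (client address, first bytes of the payload).
SAMPLE_FLOWS = [
    ("192.0.2.5", _frame(SMB1_MAGIC + bytes([0x72]) + b"\x00" * 27)),  # SMB1 negotiate
    ("192.0.2.5", _frame(SMB2_MAGIC + b"\x40\x00" + b"\x00" * 58)),    # then SMB2
    ("192.0.2.9", _frame(SMB1_MAGIC + bytes([0x72]) + b"\x00" * 27)),  # SMB1 negotiate
    ("192.0.2.9", _frame(SMB1_MAGIC + bytes([0x73]) + b"\x00" * 27)),  # SMB1 session setup
    ("192.0.2.11", b"GET / HTTP/1.1\r\n"),                             # not SMB at all
]

if __name__ == "__main__":
    for client in confirmed_smb1_clients(SAMPLE_FLOWS):
        print("still using SMB version 1:", client)
```
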
After that, surprisingly, a security researcher found that WannaCry was connected to a specific domain. This smart individual then bought that domain, and that finally put an end to the spread of WannaCry. But this was a lucky trick for all of us. It could have been more destructive.
Now we have a new, more destructive one named Petya (also known as GoldenEye and NotPetya). It didn’t make the mistakes made by WannaCry. Petya is coded well and has better encryption. It is getting better with every iteration, and it continuously targets high-profile victims. According to stats, 1 out of 5 companies that paid the ransom never got their data back, which is a cruel thing for hackers to do.
You might be wondering why governments can’t stop it. You may ask: the ransom money that victims pay must be going into some bank account, so can’t it be legally tracked down?
Well, hackers have figured out an alternative, called Bitcoin. It is a kind of cryptocurrency in which no central authority or bank manages transactions, and it is completely open source. As of now, more than 700 cryptocurrencies have emerged, such as Bitcoin, Ethereum, Ripple, etc. Almost all ransom attacks prefer Bitcoin because of the anonymity it offers.
So what I mean is that no one can track where the money is going. No one! So we can’t track the hackers as of now.
Finally, we can say that precaution is better than cure. Security is in your hands. Don’t download from untrusted websites. Don’t open untrusted emails, and be particular about it. Install Windows security updates. Keep an updated antivirus. Newer updates to your antivirus may save you from some attacks, because cyber security teams are continuously working to stop these ransom attacks, and they will definitely come up with some solutions to save your system.
Tell us about your views on these security threats!