The ransomware WannaCry broke new ground in showing how digitally vulnerable we are – using NSA’s spyware to infiltrate MS Windows and possibly holding to ransom an unreleased Disney film. Last year, ransomware extorted over $1 billion from victims. ET Magazine looks at the extortionists of the new millennium:
The current attack by ransomware WannaCry is considered the worst ever, with newer versions appearing even as solutions are found to deal with existing versions.
- It surfaced on May 12, exploiting weaknesses in older versions of Windows, especially Windows XP, and locking computers and servers, demanding payments for unlocking them.
- The weakness of Windows was first found by US surveillance agency NSA. Tools developed by the NSA were outed by hacking group ShadowBrokers in mid-2016. The WannaCry creators have used these tools to infiltrate Windows.
- A kill-switch for WannaCry was accidentally found, but newer versions seem to have been launched that corrected this flaw.
- The ransomware has demanded payments in bitcoins, equivalent to $300-600. More than 200,000 computers/servers were affected in 150 countries.
A North Korea-based cybercrime group is suspected of perpetrating the WannaCry attack. The group has been associated with Operation Troy, which targeted the South Korean government in 2009-12, the attack on Sony Pictures in 2014 and the attack on the Bangladesh Bank earlier this year.
Rogues gallery: Cyber extortionists
The first recorded ransomware attack was in 1989 and was distributed on floppy disks sent via post. These supposedly measured a person’s risk of contracting AIDS but had a virus that encrypted data once the PC was restarted 90 times. It then demanded payment of $189 or $378 to be sent to a PO Box in Panama.
The most prominent ransomware and probably the most damaging to date. It affected 250,000 systems between September and November 2013 and made $3 million for its creators. In 2014, the Gameover Zeus botnet, which was behind CryptoLocker, was destroyed in a concerted global operation.
After CryptoLocker was taken down, clones became active. CryptoWall and Torrentwall dominated between 2014 and 2016. By mid-2015 CryptoWall had extorted in excess of $18 million.
By February 2016, Locky replaced CryptoWall as the most actively spread ransomware.
TeslaCrypt or Alpha Crypt
It demanded payments in bitcoins as well as through conventional platforms like PayPal. It is said to have extorted over $70,000 in 2015.
In March 2016, it emerged as a more sophisticated version of ransomware, encrypting the master file table and rendering the computer unusable.
A later ransomware that deletes thousands of files for every hour that ransom is not paid.
The malware primer
Malware: A short form for malicious software that is used to disrupt any computer operation to gain information or steal money.
Ransomware: Software programmes or malware that are designed to deny access to data and information on a system. Often they demand a payment to undo these changes. Ransom amounts averaged around $300 in the last decade but are now hovering around the $500 mark. Often, the demand is doubled if it is not met by the deadline.
Botnet: A bot or a web robot is a malware that allows an attacker to take over a computer. A computer taken over by a bot is often referred to as a zombie computer. A botnet is a network of similar computers.
DDoS: Distributed Denial of Service is called the older cousin of ransomware, where hackers overwhelm a machine or a server with traffic from multiple compromised systems. A DDoS struck the servers of Dyn, which controls a lot of the domain name system (DNS) infrastructure, in 2016.
Famous victims of WannaCry
- French car maker Renault, UK’s National Health Service, Russia’s Interior Ministry.
- Disney CEO Robert Iger said a hacker group has threatened to release one of its upcoming movies (suspected to be the new Pirates of the Caribbean or Cars 3) unless a ransom is paid in bitcoins. It is not clear if it is the same hacker group behind WannaCry.
- The Tirupati Temple Trust reported that quite a few of its computers were affected by WannaCry as was the Andhra Pradesh Police.