Wannacry and the attack Snowden always feared
It seems incredible, but a week after our last article we are still talking about IT security. This time it’s not about regulations but the sad truth of a simple fact: our systems are often too vulnerable. The enemy in this specific battle is called Wannacry, a piece of ransomware that quickly infected 130 thousand systems all around the world. Let’s see what happened!
The danger of Wannacry
Ransomware is malware that limits access to a device by blocking its system or encrypting its files. Why invent such a program? Because, to let you access the system or the files again, the ransomware demands a specific amount of money, a sort of ransom. Users often prefer to pay the price, which is usually low, rather than spend much more trying to solve the problem.
Wannacry is a particular ransomware derived from the malware called Wanna Decryptor. It uses two tools, called Eternal Blue and Double Pulsar, that install a backdoor in the target system: the resulting Remote Code Execution infects every PC connected to the LAN. The ransom Wannacry asks for amounts to 300 dollars in bitcoin, a price that should never be paid, considering there is no guarantee that paying will solve the problem.
The diffusion of the virus
The malware attacked many important IT centers. To mention just some of them, it blocked the Russian and German railway systems, the English healthcare system, the Spanish national banking system and the French automotive brand Renault. Even Milan’s Bicocca University was hit, probably because of an infected USB device used in the campus library.
Windows is the targeted system because of a vulnerability, called MS17-010, related to its network sharing protocols. This defect has been under revision for two months, but the request was renewed because of what happened. The vulnerable versions are Windows XP, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows 10 and Windows Server 2016, if they have not been updated since March.
The problem lies in the fact that Eternal Blue is a program used by the CIA. But it appears to have been developed by the National Security Agency and stolen by the group called The Shadow Brokers. Edward Snowden’s accusations are clear: if the NSA had shared the news of the flaw in these systems before the program’s loss (or at least at that moment), we wouldn’t have to face so great an IT risk.
This is the same point of view held by many other human rights advocates: because intelligence agencies are aware of leaks and vulnerabilities, they have the possibility to warn potential targets of the risks. At the same time, warning them would reduce the agencies’ own control capability, and this conflict of interest is why they don’t share this kind of information.
What can we do?
We could feel helpless against IT threats like Wannacry. Certainly we need to keep our systems fully updated and at their maximum security potential. Luckily, it seems that a kill switch was found for this ransomware, but there is something you can do to be safe from similar threats: rely on security experts. BrainWise has studied many solutions to guarantee your data and network security. Discover the right set for you or contact us for further information; together we will defend your systems from every attack!