Name:  Wanna Cry a.k.a Wanna Crypt 
Type:  Worm, Ransomware 
Target: Windows Computers running SMB file sharing 
Original Creators: NSA (Yes, the US gov.)

EternalBlue is an exploit that was developed by the NSA, most likely to be used on “we the people”. It was leaked by hackers in April 2017 and used in the WannaCry ransomware a month later. This ransomware only targeted certain Microsoft operating systems, and it spread using the file share feature (SMB). Microsoft had even patched their OS back in March 2017. But how many people keep their systems updated? Microsoft even went as far as to create a patch for end-of-support systems like Windows XP and Windows Server 2003!
Microsoft issued a statement criticizing government spy agencies and the NSA for hiding critical security flaws from vendors. Most security specialists blame the National Security Agency (NSA) for committing the original sin. Of course, if a hacker had created EternalBlue, he would be serving time (…just saying 💁🏻‍♂️)

The irresponsible actions of the NSA in knowingly withholding such vulnerabilities endangered the lives of patients in hospitals in the UK, caused loss of business around the world, and led to the infection of over 300,000 machines in over 150 countries. All this could have been prevented if, first, the NSA had not created such weapons, and secondly, had informed the public that it had been hacked, what had been stolen, and how to protect yourself. Did the NSA really think they would be immune to hacking?

Kill Switch


Marcus Hutchins, a security researcher and ethical hacker, stumbled upon a “Kill Switch”. What is this Kill Switch?

The malware was designed to spread and infect computers, and in the process it kept checking to see if a gibberish domain name was accessible. If it was, then it would kill itself. Some say it was a means for the creator to stop the spread in case the damage went out of control. It turns out Marcus registered that domain name, and the malware killed itself because it could now reach that domain!
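The same domain check gives defenders a detection signal: any internal host that looks up the kill-switch domain is infected. The sketch below is an added example, not code from the original post. It triages a resolver log on that basis, assuming a hypothetical four-field log format, a placeholder domain (the post does not name the real one), and that a resolved lookup means the domain was also reachable.

```python
from collections import defaultdict

# Assumption: placeholder only, NOT the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log: "<time> <client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
2017-05-12T09:01:11Z 10.0.4.17 www.example.org NOERROR
2017-05-12T09:01:15Z 10.0.4.23 killswitch-placeholder.example NXDOMAIN
2017-05-12T09:02:40Z 10.0.4.23 KillSwitch-Placeholder.example. NXDOMAIN
2017-05-12T15:30:02Z 10.0.7.88 killswitch-placeholder.example NOERROR
malformed line
2017-05-12T15:31:09Z 10.0.4.17 updates.example.net NOERROR
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: status} for every host that looked up the domain.

    'likely_active'  - at least one lookup failed, so the domain check could
                       not succeed and the malware kept running: isolate first.
    'likely_dormant' - every lookup resolved, so the malware probably exited,
                       but the host is still infected and needs cleanup.
    """
    answers = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _time, client, qname, rcode = fields
        # DNS names are case-insensitive and may carry a trailing root dot.
        if qname.lower().rstrip(".") == domain:
            answers[client].add(rcode.upper())
    return {
        client: "likely_dormant" if rcodes == {"NOERROR"} else "likely_active"
        for client, rcodes in answers.items()
    }


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_LOG).items()):
        print(host, status)
```

Blocking the domain at the resolver or firewall would push every infected host into the `likely_active` bucket, so it should stay resolvable while cleanup is under way.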

Ransomware

This did not reverse the effects of the damage that had already been done.
Ransomware encrypts files on a computer and presents the user with a screen demanding payment (in Bitcoin) in exchange for the keys 🔑 to decrypt their data, which the hacker holds.

They charge a small enough amount that people actually pay. BitCoin transactions are public but the identity of the owner is hidden. This hacker got over $124,000 in ransom. Live tracker here.

Lessons learnt?

It’s certainly not over for WannaCry. There will be more like it, with modified code that may not have a kill switch.

This is just the tip of the iceberg. This was only ONE cyber weapon from the NSA, turned on the people by hackers. The CIA Vault7 leaks by WikiLeaks reveal thousands more cyber weapons created by the CIA to use on foreign governments and its own people!

There are a few takeaways from this:

  1. Always keep your systems updated. There’s a reason why companies come out with patches!
  2. Prevention is better than cure. Get your networks checked up, just like you go to a doctor if you’re sick or have symptoms. Get a Security Assessment or Penetration Test done regularly by a White Hat Hacker to identify vulnerabilities, and take proactive steps.
  3. The government is not responsible for your security, you are! They will create such spying tools and weapons to spy on the masses and keep it a secret, until a hacker leaks it.
  4. As with all infections: regularly back up all your data, don’t click on fishy links or files, and look out for unofficial email domains in headers.