Ransomware: a virus that hijacks our archives
the attack known as WannaCry (‘Like crying’ in English) is a type of ransomware a category of viruses that encrypted files from the computers attacked, calling for the payment of a ransom (typically in Bitcoin) in Exchange for its restoration but not before spreading to other vulnerable computers networks.
The ransomware is not a new phenomenon, but an attack as WannaCry scale is unprecedented. Everything is born of a vulnerability discovered by the national agency of States (NSA for its acronym in English), considered a cyber-weapon reserved for national security that leaked and was exploited by hackers to create the WannaCry attack.
The result: more than 300,000 computers in 150 countries have been affected by crippling from car production plant to clinics and hospitals. And, although a researcher from security in the United Kingdom (@MalwareTech) managed to stop the attack temporarily to study the virus code and register an internet domain that disables it, the attackers released a new version a few hours.
The fragility of the old systems
WannaCry specifically affects computers that use Windows XP and Windows 7, and WIndows Server 2008 (or earlier) who have not made security updates. Is old equipment, abandoned to their fate. The strategy of ‘do not touch’ old systems out of fear to fail him left sided administrators systems.
Microsoft had released a patch to fix the vulnerability weeks ago. Then, why not applied it? The truth is that in many cases it systems are so complex, that applied a security patch is a process of change management. A process is slow, requiring multiple approvals and in some cases a re-certification by third parties, as it is the case with medical equipment that use an embedded operating system.
And the vulnerability of software pirate
as reported the New York Times it is no coincidence that heavily affected countries such as China, Russia and India have a use of pirated software or unlicensed superior to that of other countries. Users prefer not to touch it for fear that it ceases to function.
there is life after WannaCry?
If you are affected and have no backups (backups), there isn’t much that can be done. The Cryptography used is solid and does not seem to be viable decrypt files with brute force. Already in 2015 the FBI considered ransom payments of ransomware as an exit for the recovery of data .
paying the ransom returned the files? The date payments are estimated by more than USD$ 72,000 in bailouts, a tiny fraction when one considers the number of affected machines. http://howmuchwannacrypaidthehacker.com/ site maintains a count in real time of the Bitcoin account. But remember, there is no guarantee that paying the ransom is effective to recover the files. It is what happens when dealing with criminals.
Companies must modernize en TI
this type of attack is making an important incentive to correct serious elements that affect users and companies.
- flexibility and agility in IT
understand software as a well perishable, requiring improvements and updates to be viable in the short term. Improve the process of updating software, making and recovery of backups is the first lesson and the most important.
Upgrade the operating system permanently and have a solid process of distributed backups.
- software legal
what has failed in years of awareness campaigns, succeeds the fear of receiving an attack in an operating system that is not updated. Keep the licensing to date to receive patches and updates from the manufacturer.
- control of cyber-weapons and transparency
there is a natural conflict between the development of ciberarmas to attack other countries (such as occurs with the NSA) and the risk that they can be used by hackers against the same countries that develop them. Microsoft has made a call agencies like the NSA so that they don’t accumulate cyber weapons that could fall into the hands wrong sooner or later. It is clear that required a better control of the manufacturers and a general policy preventing the ‘back doors’ or rear entrances.