Here’s How A Security Researcher Accidentally Stopped WanaCrypt0r Ransomware

Recently a 22-year-old researcher from @MalwareTechBlog discovered a ‘kill switch’ that can disable all the functionality of the Wanacrypt0r 2.0 ransomware. The ransomware attempts to connect to an unregistered domain after it starts running on the victim’s computer.

Earlier this year the hacking group ‘The Shadow Brokers’ decided to give away, for free, the hacking tools that were stolen from the NSA. The tools can be used to hack computers running Microsoft Windows.

The malicious software WanaCryptor 2.0 which is also known as WCry is now being used to carry out one of the biggest ransomware attacks of its kind.

If the connection succeeds, the ransomware closes itself and stops spreading. That means that as long as the domain was unregistered and inactive, the ransomware kept spreading.

The researcher bought the domain for $10.69. Once the domain went live after the purchase, the whole thing shut down: when the code pinged that domain, it turned out to be registered, and the ransomware deactivated.

The researcher said that ‘a bit of analysis’ led him to the domain. However, finding the kill switch was accidental; he pulled the plug without even realizing it.
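The kill-switch behaviour described above gives defenders a simple network indicator: any host that looked up that domain tried to run the sample. The following is an added example (not code from the article or from the researcher) that scans constructed DNS resolver log lines for lookups of the kill-switch domain; the domain name is a placeholder, since the article does not print it, and the log format is an assumed BIND-style query log with a response code appended.

```python
# Added example: find hosts that queried the WannaCry kill-switch domain.
# The domain is a placeholder; the article does not give the real one.
import re
from collections import defaultdict

KILL_SWITCH_DOMAIN = "killswitch-domain.example"  # placeholder, not the real domain

# Constructed sample resolver log (BIND-like query log plus a response field).
SAMPLE_LOG = """\
12-May-2017 10:02:11 client 10.0.5.17 query: killswitch-domain.example A response: NXDOMAIN
12-May-2017 10:02:13 client 10.0.5.17 query: update.microsoft.com A response: NOERROR
12-May-2017 10:04:40 client 10.0.7.3 query: killswitch-domain.example A response: NXDOMAIN
12-May-2017 13:15:02 client 10.0.9.21 query: killswitch-domain.example A response: NOERROR
12-May-2017 13:15:05 client 10.0.9.21 query: www.example.com A response: NOERROR
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<src>\d+\.\d+\.\d+\.\d+) "
    r"query: (?P<qname>\S+) (?P<qtype>\S+) response: (?P<rcode>\S+)$"
)


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {source_ip: [(timestamp, rcode), ...]} for hosts that queried the domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["qname"].rstrip(".").lower() == domain.lower():
            hits[rec["src"]].append((rec["ts"], rec["rcode"]))
    return dict(hits)


def classify(hits):
    """NXDOMAIN means the domain was unregistered when the host asked, so the
    sample would have continued and encrypted files. NOERROR means the domain
    resolved and the sample exited. In both cases the host ran the sample and
    needs to be isolated and cleaned."""
    verdicts = {}
    for src, events in hits.items():
        rcodes = {rc for _, rc in events}
        if rcodes == {"NXDOMAIN"}:
            verdicts[src] = "kill switch not reachable: assume encryption ran"
        else:
            verdicts[src] = "kill switch fired: sample exited, host still compromised"
    return verdicts


if __name__ == "__main__":
    for host, verdict in classify(find_kill_switch_lookups(SAMPLE_LOG)).items():
        print(host, "->", verdict)
```

Hosts that never resolve the domain are not cleared by this check; it only finds machines on which the sample got far enough to perform the lookup.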

Massive WanaCrypt0r Ransomware Attack Hits 99 Countries Around The world

The malicious software WanaCryptor, also known as WCry, is now being used to carry out one of the biggest ransomware attacks of its kind. Dozens of countries have been affected by this ransomware attack. The attack locks up computers and holds users’ documents for ransom.

Looking back to August 2016, the hacker group named “The Shadow Brokers” claimed to have penetrated an NSA-backed hacking operation. The group claimed to have hacked into the “Equation Group”, a cyber attack group widely believed to be associated with the NSA.

Earlier this year, the hacking group decided to give away the hacked tools and files for free. They took to Medium and shared with the public the password to unlock the encrypted folder of files.

The hacking tools that were stolen from the NSA can be used to hack computers running Microsoft Windows. The malicious software WanaCryptor 2.0, also known as WCry, is now being used to carry out one of the biggest ransomware attacks of its kind.

Dozens of countries have been affected by this ransomware attack. The attack locks up computers and holds users’ documents for ransom. More shocking still, the ransomware is targeting multiple companies, government agencies, and even hospitals.

Security researchers at Avast have recorded over 57,000 detections of WanaCryptor 2.0 ransomware in 99 countries. After infection, the ransom demanded is $300 worth of bitcoin.

The attack displays a message that explains the attack, instructs the victim how to pay the ransom, and shows a timer. Here’s the message:

[Image: the Wanadecrypt0r ransom note]

According to the Avast security blog, “The ransomware is mainly being targeted to Russia, Ukraine, and Taiwan, but the ransomware has successfully infected major institutions, like hospitals across England and Spanish telecommunications company, Telefonica.”

The Avast security blog says, “We saw the first version of WanaCrypt0r in February and now the ransomware is available in 28 different languages, from languages like Bulgarian to Vietnamese.”

This malware is spreading by exploiting a vulnerability called EternalBlue. It might also be spreading through phishing emails with malicious attachments that infect users’ computers when they click on them. Government officials advise victims not to pay the criminals behind such attacks.

The Avast security blog reported that a good antivirus program can detect all known versions of WanaCryptor 2.0. However, it also recommended that users fully update their systems with the latest available patches.

We have also just seen that the Reserve Bank of India has shut down some ATMs across India as a preventive measure against the ransomware and has asked banks to install a software update at ATMs.

Check out the video of WannaCry propagating live on a system:

https://www.youtube.com/watch?v=Nrw5qkqKGXQ

How it works:

WannaCry is a form of ransomware that locks up files on your computer and encrypts them in a way that you cannot access them anymore.

It targets Microsoft’s widely used Windows operating system.

When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300.

The pop-up also features two countdown clocks; one showing a three-day deadline before the ransom amount doubles to $600; another showing a deadline of when the target will lose its data forever.

Payment is only accepted in bitcoin.

The ransomware’s name is WCry, but analysts are also using variants such as WannaCry.

A hacking group called Shadow Brokers released the malware in April, claiming to have obtained the flaw from the US National Security Agency (NSA), according to cyber-security providers.

How it spreads:

Ransomware is a programme that gets into your computer when you click on or download malicious files. It then holds your data to ransom.

Some security researchers say the infections in the case of WannaCry seem to be deployed via a worm, spreading by itself within a network rather than relying on humans to spread it by clicking on an infected attachment.

The programme encrypts your files and demands payment in order to regain access.

Security experts warn there is no guarantee that access will be granted after payment.

Some forms of ransomware execute programmes that can lock your computer entirely, only showing a message to make payment in order to log in again.

Others create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.

Steps to avoid ransomware

1. Backup your computer immediately

Investing in an external hard drive and making regular backups will help you protect your data, if not save you from malware. A data backup can save you significant stress, time and money in the event that your computer becomes infected.

Alternatively, you can subscribe to a cloud backup service and upload your most important data regularly. Free cloud services like Google Drive, Apple iCloud or Dropbox can also be used to store your most valuable data without spending a dime.

2. Immediately patch your Windows with Microsoft’s recently released fix

This ransomware spreads through a weakness in Microsoft Windows that was formerly exploited by the US surveillance agency, the NSA.

This tool, unfortunately, was leaked in April 2017 and is now being used by the hackers behind the WannaCry ransomware.

In response, Microsoft released a fix for this vulnerability, which can be applied by those who are still safe from the WannaCry ransomware.

3. Update your operating system

Though Microsoft did release a fix for the vulnerability, we still do not know whether similar vulnerabilities exist in the OS. It is therefore necessary that you update your OS to the latest version, preferably Windows 10, as soon as you can.

4. Steer clear of suspicious emails and websites

Phishing emails are not uncommon. Any email containing links or files can grant malware access to your computer, so keep your eyes open and steer clear of any such emails.

Ransomware can also infect computers via malicious website advertisements or through the installation of unverified software. The best defense in such cases is to avoid any such websites or software links, as they may lead to the installation of malware or a ransomware program.

5. Use a firewall

Using a firewall can stop ransomware from entering your system. A firewall guards your online communications and makes sure that no suspicious or unauthorized program accesses your computer without your consent.

It is necessary that you keep your firewall software updated at all times, so you remain safe from recent forms of malware. Also, do not allow any suspicious file to bypass your firewall security and enter your system.

6. Don’t pay

One thing you must remember is that paying the ransom does not guarantee the ransomware’s removal from your computer. Giving in to the hacker’s demand and paying the ransom only gives attackers the resources they need to create and spread more ransomware programs.

You should instead try restoring a pre-infection backup of your computer. If a backup is not available, but the files are important for you or your business, seek the help of a computer professional. Don’t give in.

KEEP YOUR SYSTEM SAFE

Microsoft took nine months to fix this bug in Word as hackers continued to exploit the weakness

To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft’s regular monthly security update.

But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google’s security researchers, for example, give vendors just 90 days’ warning before publishing flaws they find. Microsoft Corp declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine.

And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries. Those conclusions and other details emerged from interviews with researchers at cyber security firms who studied the events and analyzed versions of the attack code. Microsoft confirmed the sequence of events.

The tale began last July, when Ryan Hanson, a 2010 Idaho State University graduate and consultant at boutique security firm Optiv Inc in Boise, found a weakness in the way that Microsoft Word processes documents from another format. That allowed him to insert a link to a malicious program that would take control of a computer.

Combating flaws

Hanson spent some months combining his find with other flaws to make it more deadly, he said on Twitter. Then in October he told Microsoft. The company often pays a modest bounty of a few thousand dollars for the identification of security risks. Soon after that point six months ago, Microsoft could have fixed the problem, the company acknowledged. But it was not that simple. A quick change in the settings on Word by customers would do the trick, but if Microsoft notified customers about the bug and the recommended changes, it would also be telling hackers how to break in.

Alternatively, Microsoft could have created a patch that would be distributed as part of its monthly software updates. But the company did not patch immediately and instead dug deeper. It was not aware that anyone was using Hanson’s method, and it wanted to be sure it had a comprehensive solution.

“We performed an investigation to identify other potentially similar methods and ensure that our fix addresses [sic] more than just the issue reported,” Microsoft said through a spokesman, who answered emailed questions on the condition of anonymity. “This was a complex investigation.” Hanson declined interview requests. The saga shows that Microsoft’s progress on security issues, as well as that of the software industry as a whole, remains uneven in an era when the stakes are growing dramatically.

The United States has accused Russia of hacking political party emails to interfere in the 2016 presidential election, a charge Russia denies, while shadowy hacker groups opposed to the U.S. government have been publishing hacking tools used by the Central Intelligence Agency and National Security Agency.

Attacks begin

It is unclear how the unknown hackers initially found Hanson’s bug. It could have been through simultaneous discovery, a leak in the patching process, or even hacking against Optiv or Microsoft. In January, as Microsoft worked on a solution, the attacks began. The first known victims were sent emails enticing them to click on a link to documents in Russian about military issues in Russia and areas held by Russian-backed rebels in eastern Ukraine, researchers said. Their computers were then infected with eavesdropping software made by Gamma Group, a private company that sells to agencies of many governments.

The best guess of cyber security experts is that one of Gamma’s customers was trying to get inside the computers of soldiers or political figures in Ukraine or Russia; either of those countries, or any of their neighbors or allies, could have been responsible. Such government espionage is routine.

The initial attacks were carefully aimed at a small number of targets and so stayed below the radar. But in March, security researchers at FireEye Inc noticed that a notorious piece of financial hacking software known as Latenbot was being distributed using the same Microsoft bug. FireEye probed further, found the earlier Russian-language attacks, and warned Microsoft. The company, which confirmed it was first warned of active attacks in March, got on track for an April 11 patch.

Then, what counts as disaster in the world of bug-fixers struck. Another security firm, McAfee, saw some attacks using the Microsoft Word flaw on April 6. After what it described as “quick but in-depth research,” it established that the flaw had not been patched, contacted Microsoft, and then blogged about its discovery on April 7. The blog post contained enough detail that other hackers could mimic the attacks. Other software security professionals were aghast that McAfee did not wait, as Optiv and FireEye were doing, until the patch came out.

McAfee Vice President Vincent Weafer blamed “a glitch in our communications with our partner Microsoft” for the timing. He did not elaborate. By April 9, a program to exploit the flaw was on sale on underground markets for criminal hackers, said FireEye researcher John Hultquist. The next day, attacks were mainstream. Someone used it to send documents booby-trapped with Dridex banking-fraud software to millions of computers in Australia.

Finally, on the Tuesday, about six months after hearing from Hanson, Microsoft made the patch available. As always, some computer owners are lagging behind and have not installed it. Ben-Gurion University employees in Israel were hacked, after the patch, by attackers linked to Iran who took over their email accounts and sent infected documents to their contacts at technology companies and medical professionals, said Michael Gorelik, vice president of cyber security firm Morphisec.

When Microsoft patched, it thanked Hanson, a FireEye researcher and its own staff. A six-month delay is bad but not unheard of, said Marten Mickos, chief executive of HackerOne, which coordinates patching efforts between researchers and vendors. “Normal fixing times are a matter of weeks,” Mickos said. Privately-held Optiv said through a spokeswoman that it usually gives vendors 45 days to make fixes before publishing research when appropriate, and that it “materially followed” that practice in this case.

Optiv is now comparing the details of what Hanson told Microsoft with what the spies and criminals used in the wild, trying to find out if the researcher’s work was partly responsible for the worldwide hacking spree, the spokeswoman said. The spree included one or more people who created a hacking tool for what FireEye’s Hultquist said is probably a national government – and then appeared to double-dip by also selling it to a criminal group. If the patching took time, others who learned of the flaw moved quickly.

On the final weekend before the patch, the criminals could have sold it along to the Dridex hackers, or the original makers could have cashed in a third time, Hultquist said, effectively staging a last clearance sale before it lost peak effectiveness. It is unclear how many people were ultimately infected or how much money was stolen.

Indian Army’s ‘Future Soldier Program’ Will Make Our Soldiers The Most Feared On The Planet

Hate it or love it, wars are a reality and the army with the best soldiers prevails. While the battle gear of American, Russian and Israeli soldiers is known around the world as the most advanced, the Indian Army’s two-phase ‘Future Soldier’ program, earlier known as F-INSAS (Future Infantry Soldier As A System), will make our soldiers the most fiercely equipped soldiers on the planet.

The ‘Future Soldier’ program is divided into two components – the first one being ‘Arming the modern infantry soldier’. Under this, our ‘special forces’ commandos will be loaded with the world’s best under-barrel grenade launcher assault rifles, carbines and hand grenades. They will be protected with equipment such as non-flammable, waterproofed, hard ballistic protected and bulletproof helmets, visors and vests. The new attire will enable commandos to carry extra loads and resist the impact of nuclear, radiological, chemical and biological warfare. The uniforms will also be fitted with external and internal oxygen supply, fire-proof knee and elbow pads and hand gloves and laser eye protection goggles.

The second component is something straight out of a Hollywood movie. Our commandos will be equipped with Palmtop GPS navigation devices, the world’s most advanced satellite phones, Integrated Multifunction Sight Device Night Vision Equipment, Thermal Imager, Laser Range-Finder, Colour Charge-Coupled-Device (CCD) Camera, Digital Magnetic Compass, Integrated Electro-Optical Surveillance and Fire Control Systems and advanced GPS receivers.

The list of sensors our boys will be carrying is just mind blowing – infrared sensors, thermal sensors, electro optical sensors, spectroscopic sensors, electromagnetic and radio frequency sensors. What’s even better is that this entire kickass technology is weatherproof and all-terrain tested.

The program strongly relies on indigenous DRDO-led development of this technology with massive support from Israel.
Once equipped with tech and advanced weaponry, Indian special forces will be able to operate in virtually any and every sort of battle scenario.