History has never seen ransomware bring more than half the world’s computers to a standstill. On Friday, May 12, 2017, computers around the world were disabled by the biggest ransomware attack known as “WannaCry” that targeted Microsoft’s Windows Operating Systems. The malware attack has now infected over 2,00,000 Windows based devices in 150 countries. The attack spreads by multiple methods, including phishing emails and on unpatched systems as a computer worm.
For those unaware, WannaCry is a fast-spreading ransomware that leverages a Windows exploit to target a computer running on unpatched or unsupported versions of Windows and servers and then spread itself like a worm to infect other vulnerable systems in the internal network. The attack spreads by multiple methods, including phishing emails and on unpatched systems as a computer worm.
Soon, after the initial release of the ransomware on May 12, 2017, a U.K.-based researcher going by the name of MalwareTech accidentally discovered a “kill switch” in the malware. The researcher then registered a domain which the malware seems to ping before infection. The registration of the domain name stopped the attack spreading and acted like a kill switch, making it inactive. The creators behind “WannaCry” quickly evolved around the domain-based kill switch and altered the code to remove the kill-switch and restart their campaign. Security researchers have discovered variants of the Windows malware that either doesn’t have a kill switch, or which ping to a different domain than the one discovered by the researcher.
Microsoft has released a software patch (MS17-010) for the security holes on March 14, 2017. Microsoft has now not only encouraged users to download the security patches released for the vulnerability back in March but also created security patches for several now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.