It is about Ransomware. You have probably heard of it. It is absolutely everywhere right now, and one of the biggest attacks was actually on a hospital system in the United Kingdom, where hundreds of computers were not only made basically useless, but more importantly, tons of documents containing patients’ information and test results were all essentially lost.
This is not an isolated incident. It is happening worldwide, and not only is it affecting normal people’s computers, but it is also attacking things like banks and gas stations. Pretty much anything that it can get its hands on. But what is Ransomware?
This is not a new thing. Viruses, of course, have been around for pretty much as long as computers have been. But Ransomware is a slightly different take on it. Generally, malware is not this malicious.
So, sure, if you get a virus, you might have pop-ups, or your computer might be a part of a botnet, but what Ransomware does is it literally holds your files ransom until you pay, and even if you pay there is no guarantee that you will actually get any of your information back.
Generally speaking, as the name suggests, Ransomware is the virtual kidnapping or abduction of your data to obtain some extortion money. The attackers won’t take your data away from you, though; they will just encrypt it, so that you won’t be able to access it.
Well, before we move forward, let’s just say that this is not the first time that viruses like this have been on the market. Let’s get into the history of it a little.
The first known malware extortion attack, the “AIDS Trojan” written by Joseph Popp in 1989, had a design failure so severe it was not necessary to pay the extortionist at all. Its payload hid the files on the hard drive and encrypted only their names, and displayed a message claiming that the user’s license to use a certain piece of software had expired.
The user was asked to pay $189 USD to “PC Cyborg Corporation” in order to obtain a repair tool, even though the decryption key could be extracted from the code of the Trojan. The Trojan was also known as “PC Cyborg”. Popp was declared mentally unfit to stand trial for his actions, but he promised to donate the profits from the malware to fund AIDS research.
The idea of abusing anonymous cash systems to safely collect ransom from human kidnapping was introduced in 1992 by Sebastiaan von Solms and David Naccache. This money collection method is a key feature of Ransomware. In the von Solms-Naccache scenario a newspaper publication was used (since bitcoin ledgers did not exist at the time the paper was written).
The notion of using public key cryptography for data kidnapping attacks was introduced in 1996 by Adam L. Young and Moti Yung. Young and Yung critiqued the failed AIDS information Trojan that relied on symmetric cryptography alone, the fatal flaw being that the decryption key could be extracted from the Trojan, and implemented an experimental proof-of-concept cryptovirus on a Macintosh SE/30 that used RSA and the Tiny Encryption Algorithm to hybrid encrypt the victim’s data.
Since public key crypto is used, the cryptovirus only contains the encryption key. The attacker keeps the corresponding private decryption key private. Young and Yung’s original experimental cryptovirus had the victim send the asymmetric ciphertext to the attacker, who deciphers it and returns the symmetric decryption key it contains to the victim for a fee.
Long before electronic money existed, Young and Yung proposed that electronic money could be extorted through encryption as well, stating that “the virus writer can effectively hold all of the money ransom until half of it is given to him. Even if the e-money was previously encrypted by the user, it is of no use to the user if it gets encrypted by a cryptovirus”.
They referred to these attacks as being “cryptoviral extortion”, an overt attack that is part of a larger class of attacks in a field called cryptovirology, which encompasses both overt and covert attacks.
So, as I mentioned above, Ransomware is nothing but cryptography combined with a virus; such a virus is known as a Cryptovirus, and the technique to create it is known as Cryptovirology.
Once your system is infected by Ransomware, it will start looking through all of your files, so it will find things like pictures, videos, music, documents, pretty much anything it can get its hands on, and start encrypting them.
Once these files are encrypted, and it doesn’t take long, they are basically totally useless to you unless you have the key, which they just so happen to have, and they will offer to unlock it for you for a “very Reasonable Fee.”
Generally speaking, once you have actually had your files encrypted, there is really nothing you can do about it. Ransomware like this has been around for a few years now, but what is different is that there is a new much more dangerous version of it around: WannaCry.
Originally, this was an exploit found by the NSA called Eternal Blue, which they presumably used for super-secret spy stuff. However, one of their servers was actually leaked and lots of their tools became publicly available, including this one, and that is where bad things started happening.
Eternal Blue is an exploit in Windows networking that is especially dangerous because you don’t need to be doing anything wrong to be affected.
So you take that and you combine it with Ransomware and you have a very dangerous combination. The good news is that Microsoft has already released a patch to deal with this exploit. But to show you how big of a deal this is, they even released an emergency patch for Windows XP, which came out in 2001.
If your computer is fully up-to-date, you are safe from WannaCry, but of course, there are lots, and lots, and lots of computers that are not fully up-to-date. Some countries have huge percentages of PCs that are running pirated Windows that might not be getting updates.
There are plenty of companies that can’t just immediately update 300,000 PCs with a new patch, and of course, some people just don’t get around to updating their computer very often.
To check what happens if you are infected, I have purposely put WannaCry on my computer. Now, the main thing I wanted to tell you is, first of all, can you do anything about it? Well, there is a very easy answer to it: No. Nothing, if your data is infected by it.
But also, there is one more thing about this, and that is the process. So, I will tell you what the process is if you actually are infected. So, I had a few files on my computer, like document files and images.
But keep in mind, WannaCry will go after pretty much anything that is on your PC. So, you can imagine, if this can hit your personal computer with all of your documents, it will pretty much attack whatever it can get its hands on.
So, what I actually did was trigger WannaCry manually. Generally, if this was you and you were infected in the wild, you wouldn’t really have to do anything. It would just show up on your computer, attack all your files, and you wouldn’t even know anything was going on in the background.
So, moving on to my test results (not of the test I gave in my college).
As WannaCry starts doing stuff to your PC, it will be eating up your CPU. Not really like that; it will start consuming your CPU, which will lead your CPU usage to be about 100%.
If you have any folder open in which it is going to strike, then you will be able to see your original files but also see the encrypted versions. So, if this happens to you, you would immediately turn your computer off.
It will be writing a ton of stuff to the disk afterwards, eating up a fair bit of CPU, and of course your desktop will be just littered with all the crap at last. When WannaCry is done with its stuff, you will see a wallpaper on your desktop looking something like the following.
So, you will be able to see those files that WannaCry encrypted, but each file will have an extension like “.WinCry”, and when you try to open it up, all you will find is just complete garbage. So, in any file that is affected by WannaCry, you will find junk characters and a changed extension.
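A defender-side check for the symptoms described above, as an added example that is not part of the original post: it flags files whose bytes look like random data (high entropy) and notes when the original still sits beside them. The 7.5 bits-per-byte threshold, the function names, the ".locked" extension and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, encrypted data is close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def find_suspect_files(folder: str, sample_size: int = 65536) -> list:
    """Flag high-entropy files and record whether the original is still beside them."""
    names = set(os.listdir(folder))
    suspects = []
    for name in sorted(names):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            entropy = shannon_entropy(fh.read(sample_size))
        if entropy < ENTROPY_THRESHOLD:
            continue
        # "report.txt.locked" -> "report.txt": the original/encrypted pair from the post
        stem = os.path.splitext(name)[0]
        suspects.append({"file": name, "entropy": round(entropy, 2),
                         "original_present": stem in names})
    return suspects


def build_sample_folder() -> str:
    """Constructed sample data: one plain document and one random-looking copy."""
    folder = tempfile.mkdtemp(prefix="entropy_demo_")
    with open(os.path.join(folder, "report.txt"), "wb") as fh:
        fh.write(b"Quarterly results and patient notes.\n" * 500)
    with open(os.path.join(folder, "report.txt.locked"), "wb") as fh:
        fh.write(os.urandom(20000))  # random bytes stand in for encrypted content
    return folder


if __name__ == "__main__":
    for hit in find_suspect_files(build_sample_folder()):
        print(hit)
```

Compressed formats such as JPEG, ZIP or MP4 also score close to 8 bits per byte, so a hit is a lead to investigate, not a verdict. The `original_present` flag marks the original-plus-encrypted pair described above.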
Now, if you do follow their instructions, you will actually find the software they are suggesting in their warning, and when you do open that decryptor software, they will just ask you to pay bitcoins worth something like $300-600 USD. The amount could be random, which doesn’t matter.
Because, of course, no one in their right mind will do that, especially not someone like me, because all I have on my laptop is Anime series and TV series and other stuff which is easily available on the internet.
Thankfully, this version of WannaCry has mostly been taken care of at this point, but there is always going to be another big exploit that will come out of nowhere. So, please keep your computers up to date; keep your phones, tablets and computers, or whatever the case is, up to date.
Anyway, let me know what you guys think about this WannaCry version of Ransomware; just comment everything you want to know and want to share in the comments below.