WannaCry ransomware: All you need to know

Ransomware WannaCry broke new grounds to show how digitally vulnerable we are - using NSA's spyware to infiltrate MS Windows and possibly holding to ransom an unreleased Disney film. Last year, ransomware extorted over $1 billion from victims. ET Magazine looks at the extortionists of the new millennium

WannaCry 

The current attack by ransomware WannaCry is considered the worst ever, with newer versions appearing even as solutions are found to deal with existing versions.

* It surfaced on May 12, exploiting weaknesses in older versions of Windows, especially Windows XP, and locking computers and servers, demanding payments for unlocking them

* The weakness of Windows was fi rst found by US surveillance agency NSA. Tools developed by the NSA were outed by hacking group ShadowBrokers in mid-2016. The Wannacry creators have used these tools to infi ltrate Windows

A kill-switch for WannaCry was accidentally found, but newer versions seem to have been launched that corrected this flaw

* The ransomware has demanded payments in bitcoins, equivalent to $300-600. More than 200,000 computers/servers were affected in 150 countries

Lazarus Group

 

A North Korea-based cybercrime group is being suspected for perpetrating the WannaCry attack. They have been associated with Operation Troy that targeted the South Korean government in 2009-12, the attack on Sony Pictures in 2014 and on the Bangladesh Bank earlier this year

Rogues gallery: Cyber extortionists

AIDS Trojan

 

The first recorded ransomware attack was in 1989 and was distributed on fl oppy disks sent via post. These supposedly measured a person's risk of contracting AIDS but had a virus that encrypted data once the PC was restarted 90 times. It then demanded payment of $189 or $378 to be sent to a PO Box in Panama

CryptoLocker

 

The most prominent ransomware and probably the most damaging till date. It affected 250,000 systems between Septembber and November 2013 and made $3 million for its creators. In 2014, the Gameover Zeus botnet, which was behind CryptoLocker, was destroyed in a concerted global operation

CryptoWall

 

After CryptoLocker was taken down, clones became active. CryptoWall and Torrentwall dominated between 2014 and 2016. By mid-2015 CryptoWall had extorted in excess of $18 million

Locky

 

By February 2016, Locky replaced Cryptowall as the most actively spread ransomware

TeslaCrypt or Alpha Crypt

 

It demanded payments in bitcoins as well as through conventional platforms like Pay-Pal. It is said to have extorted over $70,000 in 2015

Petya

 

In March 2016, it emerged as a more sophisticated version of ransomware encrypting the master fi le table, rendering the computer unusable

Jigsaw

 

A later ransomware that deletes thousands of fi les for every hour that ransom is not paid

The malware primer

Malware: A short form for malicious software that is used to disrupt any computer operation to gain information or steal money

Ransomware : Software programmes or malware that are designed to deny access to data and information on a system. Often they demand a payment to undo these changes. Ransom amounts averaged around $300 in the last decade but are now hovering around $500 mark. Often, the demand is doubled if it is not met by the deadline

Botnet : A bot or a web robot is a malware that allows an attacker to take over a computer. A computer taken over by a bot is often referred to as a zombie computer. A botnet is a network of similar computers

DDoS : Distributed Denial of Service is called the older cousin of ransomware, where hackers overwhelm a machine or a server with traffi c from multiple compromised systems. A DDoS struck the servers of Dyn, which controls a lot of the domain name system (DNS) infrastructure, in 2016

Famous victims of wannacry

 

* French car maker Renault UK's National Health Service Russia's Interior Ministry

* Disney CEO Robert Iger said a hacker group has threatened to release one of its upcoming movies (suspected to be the new Pirates of the Caribbean or Cars 3 ) unless a ransom is paid in bitcoins. It is not clear if it is the same hacker group behind WannaCry.