In the past two months we have seen two major cyber attacks bring some of the largest companies in the world to their knees. The first was the WannaCry ransomware, which affected more than 150 countries and crippled parts of the NHS. British cyber experts who have analysed the worm believe it was created by the notorious North Korean cyber gang known as the Lazarus Group. This gang has carried out various attacks on companies and governments, becoming more and more sophisticated over the years. In 2016 it orchestrated a bank heist, stealing about US$81 million from Bangladesh Bank, a major upgrade from its first foray into cyber crime: unsophisticated distributed denial-of-service (DDoS) attacks against the South Korean government in Seoul from 2009 to 2012.

Figure 1: Doesn’t it make you WannaCry? SOURCE: Techworld

WannaCry targeted individual computers by encrypting the user's files and demanding money for the key that would release them. Payment was to be made in the popular cryptocurrency Bitcoin, but the scheme was flawed: the attackers used only a handful of hard-coded wallet addresses, so any withdrawal would be easy to track. Even so, the attack raised over £100,000 and affected 150 countries, some 300,000 machines and over 60 of the UK's NHS trusts. Thankfully the ransomware itself can be removed using up-to-date anti-malware software, or manually with the computer in safe mode, though the latter is riskier as users have to go through sensitive system files to find and isolate the files created by the Wanna Decryptor software. One caveat worth stating plainly: removing the malware does not decrypt the files it has already encrypted; only a backup, or the attacker's key, brings those back.

Then, on Tuesday, hackers launched blistering ransomware attacks against companies and agencies across the world, hitting Ukrainian businesses particularly hard. This attack, called Petya (and later NotPetya, once researchers established it was a distinct strain built on Petya's code), used the same approach as WannaCry of locking up the computer's drive and demanding payment, but was much more sophisticated, with big global brands (Mondelez (MDLZ), the maker of Oreos, and British advertising giant WPP (WPPGF)) saying their IT systems were experiencing problems. Even more nefarious, the email account victims were told to contact was blocked by its provider, so even victims who paid the ransom had no way to receive a key, and their data stayed locked.

Figure 2: Careful, don’t let it Petya. SOURCE: Malwarebytes Labs

Interestingly, the ransom amount itself was only US$300, suggesting the attack was a front for causing wider disruption or making a political statement. By late Tuesday, roughly US$8,500 had been deposited in the Bitcoin wallet linked to the attack. The amount of money such attacks generate keeps going up: according to recent research from Symantec, the average ransom demand last year was US$1,077, a 266% increase on the year before. This is because many people still end up paying, out of ignorance or convenience, even though cybersecurity officials consistently advise never to do so.

It is pertinent, then, to ask whether we are currently at risk from this software. It has been reported that home users with fully patched Windows computers are safe from the exploit it carries. A company network is a different matter: one out-of-date machine can be compromised and then used to attack the rest. The worm spreads with a hacking tool called EternalBlue, which exploits a flaw in the SMBv1 file-sharing protocol in Microsoft Windows. Microsoft released a patch for the flaw (MS17-010) in March, but not all companies have applied it. Petya also spreads in a second way that patching alone does not block: it steals credentials from the memory of an infected machine and uses legitimate Windows administration tools to run itself on any other machine those credentials can reach, so a fully patched host on a poorly segmented network with shared local administrator passwords is still exposed. Throwing more intrigue into the mix is the fact that EternalBlue was in a batch of hacking tools leaked earlier this year that are believed to have belonged to the U.S. National Security Agency.

The viral nature of the worm has an equally viral solution. Imagine an illness that spreads through a population quickly. What is commonly used to stymie its spread? A vaccine! Just as smallpox was vaccinated against using the related cowpox virus, this Petya variant can be stopped by placing a single file on a computer before it is infected. Before it does anything destructive, the malware checks whether a file named after itself already exists in the Windows directory and quietly exits if it does. So creating a read-only file named perfc in the computer's "C:\Windows" folder stops the attack in its tracks on that machine.

Figure 3: To Petya or not to Petya, that is the question. SOURCE: Bleeping Computer

An explanation of how to do this has been posted by security news website Bleeping Computer and has been backed up by several other security experts. However, while the payload is stopped on a computer that carries the file, the file does nothing to stop the worm spreading to other computers on the same network that lack it. Unlike WannaCry, whose unregistered web domain acted as a global kill switch, researchers have found no kill switch for this worm: the perfc file is a per-machine vaccine, not a network-wide off switch, and every unvaccinated machine reachable from an infected one remains at risk. An inelegant but simple solution would be for the large majority of computers to carry the vaccine, giving a kind of herd immunity, where the worm can't reach vulnerable computers because the machines around them are immune. Then again, it would be simpler if companies just updated their Windows like they should have.
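The two practical steps above, the perfc vaccine file and closing the door EternalBlue uses, can be scripted for a fleet. The following PowerShell is an added example written for this post; it is not code from the original article or from Bleeping Computer's write-up. It assumes Windows 8 / Server 2012 or later (the Get-SmbServerConfiguration cmdlet does not exist on Windows 7), that it is run from an elevated prompt, and that the file name to create is the perfc name given above; the function names are my own.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article or Bleeping Computer's write-up.
# Creates the per-machine "vaccine" file(s) described above and reports whether
# the SMBv1 protocol that EternalBlue exploits is still enabled on this host.
# Assumptions: Windows 8 / Server 2012 or later (Get-SmbServerConfiguration
# is not available on Windows 7); the file name 'perfc' is the one the article gives.

function New-PetyaVaccineFile {
    param(
        [string[]]$Name = @('perfc'),            # file names to create
        [string]$Directory = $env:SystemRoot     # normally C:\Windows
    )
    foreach ($n in $Name) {
        $path = Join-Path $Directory $n
        if (-not (Test-Path -LiteralPath $path)) {
            # A zero-byte file is enough: the malware only tests for existence.
            New-Item -ItemType File -Path $path | Out-Null
        }
        # Read-only so the ransomware (or a careless script) cannot replace it.
        Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
        Get-Item -LiteralPath $path | Select-Object FullName, IsReadOnly
    }
}

function Test-Smb1Exposure {
    # EternalBlue targets SMBv1. Patching (MS17-010) fixes the bug; disabling
    # the protocol removes the attack surface even on hosts that are not yet patched.
    $cfg = Get-SmbServerConfiguration
    if ($cfg.EnableSMB1Protocol) {
        $advice = 'SMBv1 is ENABLED. Disable with: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    } else {
        $advice = 'SMBv1 is disabled.'
    }
    [pscustomobject]@{ SMB1Enabled = $cfg.EnableSMB1Protocol; Advice = $advice }
}

New-PetyaVaccineFile
Test-Smb1Exposure
```

Keep the limits of each step in mind: the vaccine file only protects the host it sits on, disabling SMBv1 only blocks the EternalBlue route, and neither does anything about the credential-based spread, which is stopped by not sharing local administrator passwords across machines and by segmenting the network.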

All of this shows how sophisticated and subtle warfare has become. The Petya attack, so concentrated in Ukraine, came just as the country was preparing to celebrate its Constitution Day. This suggests the attack was politically motivated, aimed at creating chaos rather than making money: an act of cyber terrorism. We have come far from the days when mortars and missiles were necessary to bring a country down. Now a handful of skilled hackers can write worms, viruses and malware that cripple not just governmental systems but also financial and economic databases. In fact, according to Stephen Fry, during a visit to Los Alamos an official told him that the USA's cyber defences are constantly under attack from China, at about a million cyber attacks an hour! It is still unclear whether this story is true, but in the world we live in now, is it not possible?

The Fourth Industrial Revolution, which pushes for greater automation and ever more connectivity, may inadvertently open the way to more sinister attempts to cause chaos. We must be aware of, and vigilant about, malware and cyber security if we are to take that leap into the future. For the good of us all.
