The hackers that created the global “WannaCry” ransomware, based on a leaked NSA hacking exploit, probably didn’t expect their creation to be this big, security expert John Safa told Radio Sputnik.
On Friday, computer systems across the world were attacked by hackers in an attack dubbed “WannaCry,” which uses an NSA exploit codenamed EternalBlue that was one of several tools leaked by the Shadow Brokers last month.
The tool exploits a vulnerability in Microsoft's Server Message Block (SMB) protocol, which allows attackers to crash systems with a denial of service attack. After encrypting computer files, the malware demands upwards of $300 in Bitcoin to restore documents.
The cyber-attack hit nearly 100 countries, with Russia and the UK being among the most affected. The infections disabled at least 16 hospitals in the UK, Spain's main telecommunications provider Telefonica, the Russian telecommunications provider Megafon, some Italian universities and the international shipper FedEx. It also reached other systems, among them the Russian Interior Ministry, where it was contained.
Security expert John Safa, founder of Pushfor, a secure messaging and content sharing platform for businesses, told Radio Sputnik that the hackers who devised the WannaCry virus probably didn’t expect it to wreak as much damage as it has done.
“It just went wild, this is a big one. We’ve seen other ones that have had this sort of impact before but this is probably the biggest and had the largest impact. My view is that the hackers didn’t actually anticipate it being this big,” Safa said.
“The actual virus is typically spread as an email attachment and this is the typical way the payload attacks your machine. You then click on the link or run the program or open the content, and the malware then gets onto your machine and then spreads through another vulnerability, what is called an SMB network issue that then allows it to spread.”
“Then what happens is, it looks for files, not only on your machine but also shares what you have with your network server and starts encrypting files. Obviously, it’s very difficult to decrypt them because you don’t know the key.”
The virus was able to spread so rapidly because although Microsoft quickly patched the vulnerabilities exposed in the Shadow Brokers leak, many organizations hadn’t yet upgraded their software. Larger organizations tend to stagger their updates over several weeks as they are tested by administrators for compatibility with intranets and other internal systems.
“Someone’s developed a Windows malware that basically exploits a hole that was in Windows. Microsoft had patched it fairly quickly but a lot of companies hadn’t upgraded their machines so this vulnerability then spread.”
The leak and the hack that followed demonstrate the vulnerability of computer systems and the necessity of regularly patching and backing them up.
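The article's point is that unpatched, SMB-exposed Windows hosts were what let the worm spread. As an added example (not from the article or from Pushfor), the following PowerShell audit reports a host's SMBv1 state, whether port 445 is listening, and how recently hotfixes were installed, and offers a remediation function. It assumes Windows 8.1/Server 2012 R2 or later with the SmbShare and NetTCPIP modules, an elevated session, and a constructed cutoff date for "recent" patches.

```powershell
# Added example (not the article's code): audit one Windows host for the SMB
# exposure the article describes, then optionally disable SMBv1.
# Assumes Windows 8.1 / Server 2012 R2 or later, run as Administrator.
function Get-SmbExposureReport {
    [CmdletBinding()]
    param(
        # Constructed cutoff (an assumption, not a date from the article): hotfixes
        # installed on or after this date count as "recent" for the report.
        [datetime]$PatchedSince = (Get-Date '2017-03-01')
    )
    $server      = Get-SmbServerConfiguration
    $smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    # Get-HotFix leaves InstalledOn empty for some entries; skip those.
    $recentFixes = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchedSince }
    # A listener on 445 is the path a LAN-side SMB attack uses to reach the host.
    $listening445 = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    $latest = $recentFixes | Sort-Object InstalledOn -Descending | Select-Object -First 1

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb1FeatureState  = if ($smb1Feature) { $smb1Feature.State } else { 'Unknown' }
        Smb2Enabled       = $server.EnableSMB2Protocol
        Port445Listening  = [bool]$listening445
        RecentHotfixCount = @($recentFixes).Count
        LatestHotfix      = if ($latest) { $latest.HotFixID } else { 'None' }
    }
}

function Disable-Smb1 {
    # Turns SMBv1 off at the server level immediately; removing the optional
    # feature takes effect after a reboot. SMBv2/3 clients are unaffected.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

$report = Get-SmbExposureReport
$report | Format-List
if ($report.Smb1ServerEnabled) {
    Write-Warning 'SMBv1 is enabled; run Disable-Smb1 once you have confirmed no legacy device still needs it.'
}
if ($report.RecentHotfixCount -eq 0) {
    Write-Warning "No hotfixes installed since $((Get-Date '2017-03-01').ToShortDateString()); check Windows Update."
}
```

Run the report across a fleet (for example via Invoke-Command) to find the staggered-update hosts the article describes before disabling SMBv1 on them.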