WannaCry Ransomware Is Not the First Instance of NSA Stolen Tools Being Misused

Some reports appeared in the press during early April that a hacker group known as the Shadow Brokers had broken into NSA’s ‘Top Secret Arsenal’ of tools and leaked the password. These tools could be used to gain backdoor entry into virtually any computer system. When this news first started making the rounds, few people gave attention to it.

However, all hell broke loose when the Shadow Brokers swung into action this Friday, wreaking havoc by encrypting and freezing data of over 20,000 computer systems across the world. With critical business data becoming completely inaccessible, these systems found themselves in a virtual hostage situation. It is almost certain that the global malware cyber-attack which was called WannaCry Ransomware was triggered using the stolen NSA tools.

The Modus Operandi

While the victim companies are frustrated that their systems have been turned into useless machines by Shadow Brokers, they are contemplating the next step – making the ransom payment of $300 as demanded by the hackers in Bitcoin, the crypto-currency that’s gaining in popularity across the globe. The affected parties have to take a decision fast as the ransom demand has a deadline too.

The targeted website has a countdown clock that tells them how much time they have to pay the ransom. If the first deadline is not met, the ransom amount is raised to $600. After seven days, all the data is permanently cleaned if no ransom is paid.

While this is the first known instance of the WannaCry Ransomware affecting computers in such large numbers and across diverse destinations, this is certainly not the first time that stolen NSA Exploit has been used to gain access to computer data surreptitiously and unethically.

The Other Instance

A botnet called Adylkuzz was stumbled upon by some researchers which they believe has been operating since April. This bot too has the same intention – making money but it does not take the file encryption route like WannaCry Ransomware. It instead forces the affected computers to mine for Monero, a counterpart of Bitcoin. It ranks among the top traded crypto-currencies of the world but does not perhaps have the brand popularity of Bitcoin. There are strong indications that a couple of payments totaling to around $30K has been generated using this modus operandi.

Computers without adequate and advanced protection are highly vulnerable to such attacks. In fact, a high-risk system can be brought down within 20 minutes flat using Adylkuzz according to cyber security experts. In practical terms, this might seem impossible to achieve but it does appear that cybercriminals are one step ahead of the security systems as they are using a variety of tools to hack into computer systems that apparently appear secure.

Security experts have discovered that Adylkuzz shuts down the SMB port that was used to force its way into the computer once the system is infected. This is to make sure that no similar malware can use the same vulnerable path and sneak in and capture the infected host. A second NSA exploit called DoublePulsar is also used during the infection process.

Where NSA Seems To Have Bungled

These attacks have brought into focus the logic of stockpiling of vulnerabilities by the government. Many agree that the NSA must be called upon to share a major part of the blame. That sort of codes should never have been part of their stocks in the first place as it violates the amended right to privacy. However, NSA is not the sole culprit. Developers too are to blame. It is important to stay away from risky things like downloading pirated software, music or movies. Malware is often the big price to be paid for such reckless actions.

Another step towards protecting your data and system is to keep all your apps updated and ensure that you are using the absolute latest versions that have a strong ring of security around it. Ensure that new apps are brought and installed only through the authorized app store. Keeping your operating system updated is another task that you must focus on. This might seem like a routine solution but you will be surprised to know many organizations do not follow this simple thumb rule of security. OS without the latest security patches are at the highest risk today. After all, WannaCry did make its way to numerous computers precisely through such gaps.

EternalBlue is the attack vendor for WannaCry according to security experts. It exploits a significant vulnerability in implementing SMB protocol of Microsoft. The software major had released a patch to fix the problem on various Windows OS such as Vista and 8.1 and many others. However, the older Windows XP remained out of purview of the security patch.

The WannaCry Ransomware messy episode shows what can happen when ethical hackers of the government cannot keep their virtual tools and weapons locked up tight and properly.That’s why it’s important to go for cloud backup services or DDOS attack protection to save your important data to stay away from such kind of threats and malwares.

If you don’t want to be a victim of the Wanna Cry Rasomware, Call us today at 1888-288-3570 or drop us a mail at [email protected]