Wednesday, June 28, 2017

Getting to Know More About WannaCry Ransomware Virus

Sedetik.net - News about the WannaCry virus continues to this day, both on social media and in other media. Intelligent Zone previously posted an article about the WannaCry ransomware virus, "Introduce New Virus Ransomware WannaCry". That article covers the first news of this virus, the government's enthusiasm in dealing with WannaCry attacks, and the definition and workings of ransomware, which has produced a new type of malware, WannaCry. Various sources report that the WannaCry ransomware began to spread on Friday, May 12, 2017, and that its victims included several hospitals in the city of Jakarta.

As time has gone on, WannaCry has continued to develop, and there are now many different WannaCry samples, especially of version 2.0. Because this virus is so dangerous and has disturbed so many countries, many experts and computer security practitioners have tried to analyze its program code. One of them, a fairly young IT worker, managed to analyze the WannaCry ransomware code and found the main part of the program that the virus depends on to infect the victim.

Figure 1. Stack of books (illustrations) (Source: Hadsec)


The part that was found is known as the kill switch: a condition under which the program runs (infects) if the condition is met and does not run if it is not. (See the article "Here's The Latest Developments Of WannaCry Ransomware Virus, There's Latest Version" for a full explanation.)

The WannaCry virus is also known under various sample or variant names, such as WannaCry, WannaCrypt, WannaCryptor 2.0, and WannaDecryptor.

WannaCry Virus History
Some information says WannaCry is hacking program code created by the Equation Group. The Equation Group is a company that works for the NSA (National Security Act) of the USA.

This program code resided at the NSA, but it was stolen by hackers who then used it for blackmail, as is happening today.

This program code exploits a vulnerability in certain Windows operating systems through the SMB (Server Message Block) protocol. Apparently this vulnerability had been known for some time under the name EternalBlue. In response to this flaw, Microsoft released a security update on March 14, 2017, named patch MS17-010. The update was intended for Windows Vista and later, while updates for Windows XP, Windows 8 and Windows Server 2003 were released later, on May 13.

So far no one has reported that operating systems other than Windows, such as Linux, have been affected by the WannaCry virus. As a result, many claims have appeared that Linux cannot be infected by WannaCry.

As described in the previous article, the WannaCry virus is distributed via email: a message sent in bulk whose content takes the form of links or file attachments. The message is written so that the victim is enticed to read it, open it and download the attachment (if there is one). If WannaCry succeeds in infecting the victim's computer, it then tries to infect other computers by spreading through TCP port 445.
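The spreading over TCP port 445 described above leaves a recognisable trace in network flow logs: one internal host opening SMB connections to many different hosts in a short time. The following detection sketch is an added example, not code from the original article; the log format, the sample records, the 60-second window and the threshold of 5 are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed flow records (not from a real network): "epoch src dst dport proto"
SAMPLE_FLOWS = "\n".join(
    [f"{1000 + i} 10.0.0.23 10.0.0.{100 + i} 445 tcp" for i in range(8)]         # fast sweep
    + [f"{1000 + 900 * i} 10.0.0.40 10.0.0.{50 + i} 445 tcp" for i in range(6)]  # slow, spread out
    + ["1003 10.0.0.41 10.0.0.5 445 tcp", "1200 10.0.0.41 10.0.0.5 445 tcp",     # file-server use
       "1004 10.0.0.42 10.0.0.7 443 tcp", "garbage line"]                        # non-SMB, malformed
)

def parse_flows(text):
    """Yield (ts, src, dst) for TCP/445 records; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        ts, src, dst, dport, proto = parts
        if dport == "445" and proto.lower() == "tcp":
            yield int(ts), src, dst

def smb_fanout(text, window=60, threshold=5):
    """Return {src: peak distinct SMB destinations in any `window` seconds}
    for sources whose peak reaches `threshold` (both values are assumptions)."""
    per_src = defaultdict(list)
    for ts, src, dst in parse_flows(text):
        per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        in_window, left, peak = Counter(), 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            # Drop events that fell out of the sliding window.
            while events[left][0] < ts - window:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(smb_fanout(SAMPLE_FLOWS))
```

A host that talks to one file server repeatedly, or to several servers over a long period, stays below the threshold; only the rapid sweep is reported.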

The WannaCry virus causes many effects, such as:
  • Destruction, felt because this virus locks the victim's data along with the computer.
  • Extortion, based on the demand of the perpetrator, who asks the victim for a ransom.
  • Spread, because news of WannaCry and its propagation create anxiety and fear in various countries.

WannaCry is the latest ransomware virus, but its concept is the same as that of its predecessors. Several earlier cases show that the technique / concept behind the WannaCry virus already existed long ago, namely:
  • In the 1980s, there was a case of a virus on a diskette at an international AIDS conference held by the World Health Organization. The virus is named the 1989 AIDS Trojan. It was spread by someone who attended the conference. The information on the floppy was intentionally locked by the virus, which then demanded a ransom of USD 189.
  • In 2006 there was an actor who used asymmetric RSA encryption in the Archiveus Trojan, whose technique was to lock everything in the My Documents folder and require a 30-digit password to open it.
  • In 2005-2006, the GPcode Trojan also appeared, which pretended to be an application for some kind of work. This Trojan was distributed via email and used a 660-bit RSA public key. A few years after it appeared, the virus reappeared using a 1024-bit RSA public key.
  • In 2006 another predecessor appeared, known as Cryzip, whose technique was to compress files / data into a password-protected .zip archive and delete the original files.
  • Finally, in 2017, the new virus WannaCry appeared.
Source by Zonacerdas.
