Monday, May 15, 2017

Cyber attacks and ransomware attacks.

Last week the... entire world... was hit with a ransomware attack that crippled computer networks all over the world.

A ransomware attack is basically when a hacker encrypts all of the files on your computer, rendering it useless. The hacker demands a ransom in exchange for giving you the unlock key. Usually it's a low ransom; $300-$500 is most common. After you pay (the FBI does suggest you simply pay the ransom. Heh.), the hackers almost certainly give you the key. If they were known for not doing so, no one would pay. If you don't pay, your computer files are lost forever, unless you've backed them up and are willing to reconfigure the entire machine after having it reimaged. Either way, a headache.
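The paragraph above describes the one thing every ransomware family has in common: in a short burst, a large number of files on the machine are rewritten as ciphertext. That behaviour is also what a defender can watch for. The following is an added example, not code from the post, of a small Python check that walks a directory, flags files whose contents look encrypted (Shannon entropy near 8 bits per byte) and counts how many files were written in the last few minutes; both signals firing together is the pattern worth alerting on. The sample directory it builds is constructed for the demonstration, and the `.locked` suffix, thresholds and window are assumptions, not anything a real family is known to use.

```python
import math
import os
import tempfile
import time
from collections import Counter

# Files smaller than this are skipped: an entropy estimate over a few bytes is noise.
MIN_SIZE = 256
# Bytes read from the head of each file; enough to judge entropy without reading huge files.
SAMPLE_BYTES = 65536


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0). Encrypted or compressed data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_directory(root, entropy_threshold=7.5, window_seconds=300, burst_threshold=5):
    """Walk `root` and report encrypted-looking files plus a burst of recent writes.

    Returns a dict with:
      high_entropy         - paths whose leading bytes have entropy >= threshold
      recent_modifications - number of files modified within `window_seconds`
      alert                - True when both signals fire together
    Caveat: a single high-entropy file is normal (zips, JPEGs, ciphertext you own).
    Many of them appearing in one short burst is what distinguishes a ransomware run.
    Thresholds here are assumed starting values, to be tuned per environment.
    """
    now = time.time()
    high_entropy = []
    recent = 0
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # file vanished or unreadable mid-scan; skip rather than crash
            if now - mtime <= window_seconds:
                recent += 1
            if len(head) >= MIN_SIZE and shannon_entropy(head) >= entropy_threshold:
                high_entropy.append(path)
    alert = bool(high_entropy) and recent >= burst_threshold
    return {"high_entropy": sorted(high_entropy), "recent_modifications": recent, "alert": alert}


def build_sample_dir():
    """Constructed test data (not from the post): three plain-text documents and three
    files of random bytes standing in for ransomware output. Random bytes are
    statistically indistinguishable from well-encrypted data, which is the point."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    text = b"Quarterly report: revenue grew modestly while costs stayed flat. " * 40
    for i in range(3):
        with open(os.path.join(root, f"notes{i}.txt"), "wb") as fh:
            fh.write(text)
    for i in range(3):
        # ".locked" is an assumed, made-up suffix for the demonstration only.
        with open(os.path.join(root, f"report{i}.docx.locked"), "wb") as fh:
            fh.write(os.urandom(4096))
    return root


if __name__ == "__main__":
    report = scan_directory(build_sample_dir())
    print(f"{len(report['high_entropy'])} encrypted-looking files, "
          f"{report['recent_modifications']} recent writes, alert={report['alert']}")
```

Run on its own, the script builds the sample directory and reports three encrypted-looking files, six recent writes and `alert=True`. In practice this kind of check is most useful when it runs on a schedule against file shares and user document folders, where a burst of rewrites is rare enough that the alert means something; it also does nothing to bring files back, which is the job of the offline backups the post mentions.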

Well, back to events. The world's largest hack attack ever is a ransomware worm called "WannaCry", and it uses an exploit called "Eternal Blue".

Eternal Blue is an exploit for a vulnerability in Microsoft's operating system that was discovered (created?) by... you guessed it... the NSA. Now the NSA has a choice, like it always does when it "discovers" an exploit. It can notify the company so they can fix it, or it can keep it secret for its own use. You guessed it again. They kept it secret.

The hacker group "Shadow Brokers" was able to glean this info from the NSA, either by hacking their networks or by getting it through some anonymous source. They've turned it into a ransomware worm and are encrypting files on networks in at least 150 countries. A worm is a self-spreading computer virus: it moves from machine to machine on its own, without anyone having to open anything.

The group demands $300, paid within three days, for the unlock key; if that isn't paid, they raise it to $600, to be paid within seven days. If no payment, no unlock. Done. The payments are demanded in the cryptocurrency Bitcoin.

The attack has managed to cripple healthcare networks all over Great Britain and has wreaked havoc across Europe. Some companies in the US have temporarily suspended their email systems to avoid infecting their networks.

The attacks slowed over the weekend but are expected to start up again... today.

If healthcare networks are crippled easily by this, then why not other networks?

Automated train routing systems? Dam flow rate control systems? Stock market networks? Nuclear plant emergency cooling systems? The power grid? Telecommunications systems? Food distribution hubs? Water companies and other utilities? Sewage treatment plants? What about your "smart" cars and TVs?

Did I mention the power grid?

The last two largest hacks of all time, "Flame" and "Stuxnet", were both created and deployed by state actors (the US created both, possibly assisted by Israel). We already know this one was created/discovered by the NSA. What are the odds that it's being used by a state actor as well? China? Russia? The US again? Or maybe it "escaped", like the Flame virus did. Or maybe it really is being used by non-state hackers. That's certainly possible today.

1 comment:

  1. Remember, all those boosted NSA hack tools were posted online for anyone to DL. Within those tools were other tools to spoof the attacking program's origins to make it appear that someone other than the attacker sent it. So when the US tells us that they have some evidence that "country X" was the culprit, I doubt it's that cut and dried. I haven't had time to run these in a virtual environment offline to see the effectiveness first hand, so I can't say for sure, but I have my suspicions...