As you might be aware, this Friday (12th of May 2017) there was a massive outbreak of a new type of crypto virus dubbed WannaCrypto, aka WannaCry. The UK was hit the hardest, especially in the health sector, along with the Spanish telecom Telefonica, Portuguese and Argentinian telecoms, and Russia.

The WannaCry outbreak is the quickest spread of malware ever (over 100 countries with many affected endpoints in a matter of hours). The animation of the spread was made possible because the authors of MalwareTech could hack into one of the Command and Control domains and gain control over it, so they could trace the incoming call-home requests from the hacked machines (keep in mind that this does not depict the whole spread of the virus, as MalwareTech operated in EST time and the spread in Europe and Asia had already been going on for some hours).

How does that affect the UK? The NHS is badly crippled (more than 30 hospitals reported malware spread), patients are being turned away, important data such as scans and personal test results are lost, and planned surgeries are cancelled. We could easily say that lives are at stake, as sometimes critical operations had to be postponed or done without important test/scan results.

Another unique thing: the virus exploited a vulnerability in Windows OS systems that was used for years by the NSA and GCHQ government agencies but only revealed to the public a couple of months ago (by the ShadowBrokers dump on the 14th of April). The exploit (codenamed "EternalBlue") was made available on the internet through the ShadowBrokers dump on April 14th, 2017, and patched by Microsoft on March 14th. The malware uses a remote code execution vulnerability in SMBv2 in Microsoft Windows.

Here the security industry in the world is divided in its opinions. One opinion is that the vulnerability should never have been leaked, so the bad guys would not be aware of it and hence would not be able to exploit it. This is usually the opinion of non-hardened security guys, since it loudly shouts "security through obscurity", or the ostrich effect. The second opinion is that not a single discovered vulnerability should remain hidden: the more people are aware of the threat, the more people can react to it.

General security admins had more than two months to patch their systems, as the official patch from Microsoft had been released on March 14th. One important note was that many government and other slow, big organisations (due to their sheer size and bureaucracy) are still running Windows XP, and since XP is out of life and support, there was no patch for it. An example of such an organisation was the NHS.

The presentation (the ransom note) is done via an executable file and offers many options. The interaction with the user/victim is heavily customised and detailed: the information displayed explains in detail what has happened and what needs to be done (how to pay) to recover your files, and it is translated and shown in 28 languages. The current estimate of infected systems with encrypted files is more than 55 000, and the attackers want an average of £300 for endpoint recovery, which amounts to a hefty ransom sum (if 20 000 users pay, that is over 6 million dollars).

C&C (Command and Control) is very important for crypto viruses, as these are usually created not to destroy but to extort money out of people who want their files recovered, and recovery is done via this backchannel by supplying the key. If people pay and their files do not get recovered, the rumour spreads and people accept their losses and do not pay anything. The botnet Command and Control centres are located in TOR (the onion router); the technique adds anonymity for the guys running the botnet (hence the creators of the malware). OK, that has been done before, so not quite unique, but it is very hard to implement, as the malware needs to download a whole lot of files to the end-user device to make this work.

The virus had a kill switch designed by its creators: a hidden, nonsense, long domain that, if alive, will make the virus stop spreading. A researcher found it by looking at the malware (reverse engineering it); he was not sure why it was there, so he registered the domain and luckily helped in stopping the spread (the malware checks if that domain is alive before attempting worm-like spread in the same L2 network).
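The two behaviours described above (the kill-switch DNS lookup made before spreading, and worm-like SMB fan-out across the local network) are also what a defender can look for in network logs. The script below is an added example written for this article, not code from MalwareTech or from the malware; the log lines and the kill-switch domain name are constructed placeholders, and the subnet and threshold are assumptions.

```python
"""Flag hosts that fan out TCP/445 connections across the local /24 (worm-like
spread) and hosts that query the kill-switch domain (the check the malware makes
before spreading). Constructed sample data; domain is a placeholder."""
from collections import defaultdict
import ipaddress

# Placeholder: substitute the real sinkholed kill-switch domain from your IOC feed.
KILL_SWITCH_DOMAIN = "example-killswitch-placeholder.invalid"
SMB_FANOUT_THRESHOLD = 5   # distinct internal port-445 peers per source before alerting

# Constructed sample logs: "conn <src> <dst> <dport>" and "dns <src> <qname>"
SAMPLE_LOG = """\
conn 10.0.5.21 10.0.5.22 445
conn 10.0.5.21 10.0.5.23 445
conn 10.0.5.21 10.0.5.24 445
conn 10.0.5.21 10.0.5.25 445
conn 10.0.5.21 10.0.5.26 445
conn 10.0.5.21 10.0.5.27 445
conn 10.0.5.40 10.0.5.10 445
conn 10.0.5.40 203.0.113.9 443
dns 10.0.5.21 example-killswitch-placeholder.invalid
dns 10.0.5.40 www.example.com
"""

def analyse(log_text, subnet="10.0.5.0/24", threshold=SMB_FANOUT_THRESHOLD):
    """Return (smb_scanners, killswitch_queriers) as sorted lists of source IPs."""
    local = ipaddress.ip_network(subnet)
    peers = defaultdict(set)
    queriers = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "conn" and parts[3] == "445":
            src, dst = parts[1], parts[2]
            # Only lateral (same-subnet) SMB counts toward worm-like fan-out.
            if ipaddress.ip_address(dst) in local:
                peers[src].add(dst)
        elif len(parts) == 3 and parts[0] == "dns":
            # The kill-switch lookup happens before the spread attempt, so a query
            # from an internal host is an early sign the worm is running there.
            if parts[2].lower() == KILL_SWITCH_DOMAIN:
                queriers.add(parts[1])
    scanners = sorted(s for s, p in peers.items() if len(p) >= threshold)
    return scanners, sorted(queriers)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A kill-switch query with a blocked or sinkholed response does not mean the host is clean: it means the worm already ran there and should be isolated and patched.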