While WannaCry has made headlines for its prolific spread (and use of Windows exploits), by and large it has been a total failure for the attackers themselves. This is because, from a technical (or more so “business”) standpoint, WannaCry is not, and was not, a good product.
Let’s talk about why. First of all, ransomware in general has become a money machine for organised crime syndicates. But only a fool wouldn’t realise this is because significant research and development has gone into creating their “product”. As a result, they generate literally millions of dollars for their vendors.
WannaCry has so far made about AUD$120,000. Because of the way the WannaCry writers have crafted the malware, they are only using three Bitcoin wallets to accept payments from victims. And because of the way Bitcoin works, you can see the payments right here.
This is highly unusual. Most ransomware will create a unique Bitcoin wallet so payment can be verified. It’s very important to note that WannaCry cannot verify you have paid your ransom, so under no circumstances should you pay it.
WannaCry also had a built-in kill switch in the form of a URL that prevents WannaCry from starting its encryption routine if a connection is successfully made. Unfortunately, the WannaCry vendors forgot to register that URL, so somebody else did, rendering WannaCry useless.
As a result you can see a live map of where WannaCry would have struck at https://intel.malwaretech.com/pewpew.html
In retrospect this is all pretty funny, especially since Australia got through it all pretty unscathed. But in reality it is the alarm bell for a new form of ransomware that more sophisticated attackers will learn from and in turn develop more refined and dangerous malware delivery methods.
In a future attack, your anti-virus may mark the suspect email as spam. Failing that, it might notice and stop the encryption routine. A clever security researcher may be able to stop the encryption payload mechanism by the time your machine gets infected. Windows may patch the vulnerability before it is exploited in the wild.
But you can always restore from backup. Provided of course, that you have a backup. So it’s important (today, right now important) that you know your backup is recoverable, timely, not directly accessible (as in ransomware can’t delete/encrypt it while on its rampage) and a few other things that make sure your backup is safe and dependable.
CR&T can do this for you. Unfortunately it is chargeable, but it may be the best insurance you ever buy. Call or email and we’ll get started – we’ll also check the appropriate Windows Update has been installed to prevent the WannaCry exploit. Even though WannaCry has been effectively shut down, nothing prevents someone else from using the same exploit on unpatched systems.
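The three backup properties named above (recoverable, timely, not directly accessible) can be checked mechanically. The following Python is an added example, not CR&T's tooling; the manifest layout, the 24-hour age limit and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Hash every file when the backup is taken; store the result off the backed-up machine."""
    root = Path(backup_dir)
    files = {str(p.relative_to(root)): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"created": time.time(), "files": files}

def check_backup(backup_dir, manifest, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means all three checks passed."""
    root, problems = Path(backup_dir), []
    now = time.time() if now is None else now
    # Timely: the backup must be newer than the assumed age limit.
    age = (now - manifest["created"]) / 3600
    if age > max_age_hours:
        problems.append(f"stale: {age:.0f}h old, limit {max_age_hours}h")
    # Recoverable: every file must exist and still match its recorded hash.
    for rel, digest in manifest["files"].items():
        p = root / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            problems.append(f"changed: {rel}")
    # Not directly accessible: whatever runs as this account could alter the backup.
    if os.access(root, os.W_OK):
        problems.append("writable: this account can modify the backup")
    return problems

def demo():
    """Constructed sample data: a two-file backup, then damaged and aged 48 hours."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "ledger.csv").write_text("id,amount\n1,100\n")
        (Path(d) / "notes.txt").write_text("quarterly notes\n")
        manifest = build_manifest(d)
        before = check_backup(d, manifest)
        (Path(d) / "ledger.csv").write_bytes(os.urandom(32))  # contents no longer match
        (Path(d) / "notes.txt").unlink()                      # file no longer present
        return before, check_backup(d, manifest, now=manifest["created"] + 48 * 3600)

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

The writable check reflects only the account running the script, so run it as the account staff normally work under. A hash match shows the files are intact, not that a full restore works, so a periodic test restore is still needed.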