Global Cyberattack: A Super-Simple Explanation of What Happened
Critical infrastructure agencies including banks, airports, telecom networks and stock markets have been asked to take precautions to shield themselves against the crippling global ransomware attack “WannaCry”.
Hundreds of Australian businesses and government agencies have been checking their IT systems this morning, if they didn’t already do it over the weekend, to determine what impact if any the recent global cyber-attack has had on their systems.
But those attacks – blamed on the Russian Federation, which has repeatedly denied them – followed a different modus operandi: penetrating the accounts of individuals and political organisations and then releasing the hacked material online. Reports indicate that the bitcoin purse is filling up, as people desperate to regain control of their machines are paying up.
In a statement Saturday, Europol’s European Cybercrime Centre, known as EC3, said the attack “is at an unprecedented level and will require a complex worldwide investigation to identify the culprits”.
Governments and computer experts girded Monday for a possible worsening of the global cyberattack that has hit more than 150 countries, as Microsoft warned against stockpiling vulnerabilities like the one at the heart of the crisis.
How did this happen?
The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency. Security wonks are calling it the biggest cyberattack ever.
Local experts on Saturday scrambled to ensure hospitals and other public facilities did not fall victim to the massive ransomware operation, which had seen patients turned away and operations cancelled in Britain.
The Computer Emergency Response Team of Turkey tweeted that the “wannacry ransomware” is spread over Server Message Block (SMB) flaws.
According to The Wall Street Journal, the malware believed to be behind the attacks encrypts data on infected computers and essentially holds it for ransom.
The most important advisory by CERT-In stated that “individuals or organizations are not encouraged to pay the ransom as this does not guarantee files will be released”. Alternatively, users can write off the encrypted files, format their machines, reinstall all software, and restore from backups.
Ransomware attacks are on the rise around the world. Soon after the leak, hackers infected thousands of vulnerable machines with a backdoor called DOUBLEPULSAR. It appears that once the domain the worm checks is found to be live, the worm stops all further spread.
Europol’s Wainwright said few banks in Europe had been affected, having learned through the “painful experience of being the number one target of cyber crime” the value of having the latest cyber security in place. “MeitY has also requested Microsoft India to inform all their partners and customers to apply relevant patches”, the ministry said in a statement.
Microsoft has introduced a security patch to tackle the situation, and consumers across the globe have been advised to download the fix at the earliest. The exploit was originally developed by the NSA and used as a backdoor into systems. Microsoft now says it will make the fixes free for everyone. This attack worked because of a “perfect storm” of conditions: a known and highly risky security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and malware created to spread quickly once inside university, business and government networks.
The NSA had been well aware for some time that its cyber weapons cache had been hacked.
Hong Kong-based Mr Ivezic said the ransomware was forcing some more “mature” clients affected by the worm to abandon their usual cautious testing of patches “to do unscheduled downtime and urgent patching, which is causing some inconvenience”.