WanaCrypt0r 2.0 is an exploit tool created by the US government (the NSA to be more precise). The tool uses a vulnerability which was present in most Microsoft Windows versions, but which was patched on March 14th, 2017 (currently supported Windows versions) and retrospectively in May for some older versions of Windows. This tool and others were stolen from the NSA last year by a hacker crew calling themselves The Shadow Brokers (TSB).
Who was affected?
Many companies and organisations were affected. To name a few:
- Many NHS hospitals in the UK
- the Ministry of Internal Affairs of the Russian Federation / Министерство внутренних дел, МВД
- the Ministry of the Russian Federation for Affairs for Civil Defence, Emergencies and Elimination of Consequences of Natural Disasters / Министерство России по делам гражданской обороны, чрезвычайным ситуациям и ликвидации последствий стихийных бедствий
- Choice Hotels
- etc, etc, etc
Why did it stop?
Allegedly the spreading of the ransomware has been stopped by a UK cybersecurity researcher. He found and activated a kill-switch in the software. This switch was hardcoded into the malware, probably in case the creator wanted to stop it from spreading further. By registering a certain domain name, one which the ransomware checks before it starts encrypting, he was able to stop the ransomware dead in its tracks. It doesn’t cure already infected systems, but it keeps the ransomware from becoming active on any new machines (provided they’re connected to the Internet).
He also set up an online tracker, which illustrates the worldwide spread of the ransomware. Based on this data, the New York Times has created a nice animated map.
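The kill-switch check described above is also useful to defenders: any machine that looks up that domain is running the malware, and a failed lookup means the kill-switch did not protect it. The sketch below is an added example, not part of the original post; the log format, the placeholder domain (the post does not name the real one) and the sample lines are constructed, and it assumes a successful DNS answer means the check succeeded.

```python
# Placeholder: the post does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log, one query per line:
# "<timestamp> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
2017-05-13T08:01:12Z 10.0.4.17 www.example.org NOERROR
2017-05-13T08:01:15Z 10.0.4.17 killswitch-placeholder.example NOERROR
2017-05-13T08:02:40Z 10.0.9.33 KILLSWITCH-PLACEHOLDER.EXAMPLE. NXDOMAIN
2017-05-13T08:03:02Z 10.0.7.5 killswitch-placeholder.example SERVFAIL
2017-05-13T08:05:44Z 10.0.7.5 killswitch-placeholder.example NOERROR
truncated-entry 10.0.1.1
2017-05-13T08:06:10Z 10.0.2.8 mail.example.org NOERROR
"""


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the kill-switch domain to a status.

    Any lookup at all marks the host as infected and in need of cleanup.
    'contained': every lookup was answered, so the check could succeed.
    'at_risk':   at least one lookup failed (blocked, offline resolver,
                 isolated network), so encryption may have started.
    """
    target = normalize(domain)
    status = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated lines
        _timestamp, client, qname, rcode = fields
        if normalize(qname) != target:
            continue
        failed = rcode.upper() != "NOERROR"
        # A single failed check is sticky: a later success does not undo it.
        if failed or client not in status:
            status[client] = "at_risk" if failed else "contained"
    return status


if __name__ == "__main__":
    for host, state in triage(SAMPLE_LOG).items():
        print(host, state)
```

Hosts reported as `at_risk` are the ones behind the "provided they’re connected to the Internet" caveat: the domain was registered, but they could not reach it.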
I hope this attack is an eye-opener for many people. The Internet is a (potentially) scary place, just like, for example, the highway. There are rules to abide by, common sense to stick to, and protection to use. There is a reason people don’t ride bicycles on the highway, but instead enclose themselves in a metal box, with safety belts and air bags. Cruising the Internet is no different. You also need your metal box (firewall), safety belts (antivirus software) and your air bags (backup).