‘WannaCry’ ransomware attack: What we know

The virus exploits vulnerability in Microsoft Windows software, first identified by the US National Security Agency. A 22-year-old cybersecurity expert known as MalwareTech slowed the attack by registering a domain name he discovered in the ransomware’s code.

Exploits used in the attack were drawn from exploits stolen from the NSA.

On Monday, the White House promised a fight against the Ransomware attack on 300,000 computers in 150-countries. Microsoft has made the decision, which they say is unusual, but is regularly seen during these high profile attacks, to provide a security update which includes Windows XP, Windows 8, and Windows Server 2003.

A 22-year-old United Kingdom -based cybersecurity researcher with a Twitter handle @MalwareTechBlog helped stem the spread of the cyber attack by buying the domain name associated with a “kill switch” that hackers built to stop the malware once the victims make ransom payments, the report added. The main challenge for investigators was the fast-spreading capabilities of the malware, he said, adding that so far not many people have paid the ransoms that the virus demands.

It is said that attack will hit both the private and public sectors.

“I still expect another to pop up and be fully operational”, Kalember said. Wainwright said Europol did not know the motive.

But he aimed his sharpest criticisms at the USA and other nations. Officials urged organizations and companies to immediately update their security software.

Beware of unknown emails, especially if there are attachments or links. Instead of having to develop their own arsenals of cyberweapons, they simply had to repurpose work done by the highly skilled cyber experts at the NSA, said Phillip Hallam-Baker, principal scientist at the cybersecurity firm Comodo.

Smith also noted that Microsoft released a patch almost two months prior for the very vulnerability the WannaCrypt ransomware exploited, but a failure to install the patch left hundreds of thousands – if not millions – of computers around the world vulnerable. For companies, it’s a combination of reasons, from ignorance to security just not being a priority. “It won’t be too late as long as they’re not infected”.

As almost 45 NHS organisations from London to Scotland were hit in the “ransomware” attack on Friday, patients of the state-funded countrywide service faced chaos as appointments and surgeries had to be cancelled. A large cyberattack crippled computer systems at hospitals across England on Friday, with appointments canceled, phone lines down and patients turned away.

The global attack could have been far worse if not for a pair of cybersecurity researchers, including Darien Huss, from MI, who stumbled on a kill switch hidden in the domain name the hackers were using.