Dangerous New Version Of WannaCry Ransomware Set To Be Released By Hackers; ‘Does Not Contain “Kill Switch” Used By 22 yr.-Old Cyber Security Analyst To Shut Down Version One — Unfortunately, This Is Likely To Get Much Worse — Before It Gets Better
The British newspaper, The Independent, reports that the hackers who released ransomware last Friday that sparked a worldwide, massive cyber event — are on the verge of releasing WannaCry 2.0. — a more devastating version of the malware which continues to havoc in many parts of the globe.
Costin Raiu, a researcher at the Moscow-based cyber security firm, Kaspersky Lab, told The Hacker News that “they had already seen versions of the malware that did not contain the website domain name used to shut down the program; but he later back-tracked saying “my bad,” and this was not actually the case,” Ian Johnston wrote in the May 14, 2017 edition of The Independent. “However,” Mr. Johnston added, [cyber] security experts warned, it was likely only a matter of time before this did happen; and [they] urged [people] to install a security patch released last month by Microsoft.”
Mr. Johnston notes that “hidden in the [malware’s] code, was an unregistered web address, which the virus would always try to contact, when first infecting a computer. If it [the computer/device] received a reply, it would shut down; but if not, it would carry out the attack.”
“A 22 yr.-old [cyber] security analyst known as MalwareTech, who wishes to remain anonymous, registered the website, unknowingly activating the shutdown process,” Mr. Johnston wrote. “However,” this same anonymous source, “warned that it would be easy for hackers to change the coding in a “worm” used to infect computers with WannaCry to remove the domain name. MalwareTech told the Hacker News that they had stopped only one version of WannaCry, which is known by various versions of the same name.”
“WannaCrypt ransomware was spread normally, long before this; and will be long after, what we stopped was the SMB worm variant,” MalwareTech said, “referring to the program that affected nearly a fifth of NHS Trusts [hospitals/medical facilities] in England; and, scores of businesses and government departments around the world.” The Independent reported.
MalwareTech “retweeted a message saying people who were unable to patch their computer, could disable Server Message Block version 1 (SMBv1), linking to Microsoft’s instructions about how to do this. Mr. Raiu wrote on Twitter that his initial belief that the kill switch had been removed from WannaCry had been mistaken,” Mr. Johnston noted.
“My bad — finished analyzing all #WannaCry worm molds we have; and, they all have the kill switch inside. No version without a kill-switch yet,” MalwareTech warned.
The scale and swiftness of this particular malware worm is unprecedented; and, no matter who is ultimately responsible for this devastating hack — this unfolding event has no doubt given Iran, North Korea, al Qaeda, the Islamic State and others an opportunity to learn how disruptive these kinds of attacks can have; and, perhaps stimulated their thinking about how to carry out a potentially catastrophic, Cyber Pearl Harbor-type cyber attack.
Journalist and author Tom Friedman had a best-selling book, “The World Is Flat,” in 2005, in which he talked about how technology was flattening out-dated hierarchical structures and entities; and inter-connecting people and businesses globally. Now, the developed world is becoming network dependent, as opposed to network enabled — and, it is not surprising that as the world becomes more network dependent — there will be those darker angels of our nature who will seek to profit from this dependency. Ransomware has allowed hackers and cyber thieves to develop and employ low-cost cyber tools and techniques, that can have high, negative consequences, if the victim ignores, or chooses not to comply with their demands.
In some sense, this wide-scale cyber attack should serve as a wake-up call that the chances of a Black-Swan cyber attack are increasing; and, it may be only a matter of time before one of these events cause a large-scale loss of life. The Internet of Things (IoT) holds tremendous promise to improve our quality of life, and greatly enrich our lives. But, it is also probably only a matter of time before we have our first serial killer in cyber space, our first “Dr. No” in cyber space; and/or, a Cyber Pearl Harbor type Black Swan event. This is likely to get much worse………before it gets better. V/R, RCP.