Daily Sabah logo

Politics
Diplomacy Legislation War On Terror EU Affairs Elections News Analysis
TÜRKİYE
Istanbul Education Investigations Minorities Expat Corner Diaspora
World
Mid-East Europe Americas Asia Pacific Africa Syrian Crisis Islamophobia
Business
Automotive Economy Energy Finance Tourism Tech Defense Transportation News Analysis
Lifestyle
Health Environment Travel Food Fashion Science Religion History Feature Expat Corner
Arts
Cinema Music Events Portrait Reviews Performing Arts
Sports
Football Basketball Motorsports Tennis
Opinion
Columns Op-Ed Reader's Corner Editorial
PHOTO GALLERY
JOBS ABOUT US RSS PRIVACY CONTACT US
© Turkuvaz Haberleşme ve Yayıncılık 2023

Daily Sabah logo

عربي
  • Politics
    • Diplomacy
    • Legislation
    • War On Terror
    • EU Affairs
    • Elections
    • News Analysis
  • TÜRKİYE
    • Istanbul
    • Education
    • Investigations
    • Minorities
    • Expat Corner
    • Diaspora
  • World
    • Mid-East
    • Europe
    • Americas
    • Asia Pacific
    • Africa
    • Syrian Crisis
    • Islamophobia
  • Business
    • Automotive
    • Economy
    • Energy
    • Finance
    • Tourism
    • Tech
    • Defense
    • Transportation
    • News Analysis
  • Lifestyle
    • Health
    • Environment
    • Travel
    • Food
    • Fashion
    • Science
    • Religion
    • History
    • Feature
    • Expat Corner
  • Arts
    • Cinema
    • Music
    • Events
    • Portrait
    • Reviews
    • Performing Arts
  • Sports
    • Football
    • Basketball
    • Motorsports
    • Tennis
  • Gallery
  • Opinion
    • Columns
    • Op-Ed
    • Reader's Corner
    • Editorial
  • TV

WNCR Ransomware attacks target Windows users

by Çetin Kaya Koç

ISTANBUL May 24, 2017 - 12:00 am GMT+3
No Image
by Çetin Kaya Koç May 24, 2017 12:00 am

The recent "WannaCrypt" ransomware attack turned out to be a small global disaster.

The malicious software (malware) in question is first initiated remotely by an attacker, using an application-layer protocol called the SMB (Server Message Block). The protocol runs on Windows computers, but other popular operating systems (MacOS, Linux, Unix) support it too.

The SMB gives shared access to files, printers, serial ports and miscellaneous communications between nodes on a network.

Earlier on April 14, a particular exploit known as "EternalBlue" was published by a secretive hacker group who call themselves "Shadow Brokers." Last year, the same group had claimed to have stolen these files from another cyber-espionage group known as the "Equation Group," which many security firms claim is the Unite States' National Security Agency (NSA). The Shadow Brokers then put up the tools up for auction, but no one was interested in paying 1 million Bitcoin ($570 million at the time).

But, last week, the Shadow Brokers published the passwords to the files, which are now available in all popular repositories. Apparently, the Equation Group had been infiltrating banks and secretly keeping an eye on SWIFT transactions.

The files included in the dump indicate that Equation Group had targeted and successfully infiltrated the SWIFT Service Bureau of the Middle East (EastNets), one of the SWIFT departments managing and monitoring transactions across Middle East banks. What is really remarkable, the U.S. already had access to the SWIFT network for terrorism investigation purposes. Minutes after the EternalBlue passwords were available, security researchers started tweeting that "any attacker can download this simple toolkit to hack into Microsoft based computers around the globe," and that is exactly what happened.

The WannaCrypt ransomware started appearing and spreading in desktop computers globally and affecting more than 200,000 computers around 150 countries, according to the EU officials. Among them were corporate giants like FedEx, Renault, Telefonica (a Spanish telecommunications company) as well as services providers like the NHS, and German railway. However, the majority of the computers were in Russia and even though Microsoft published a patch for Windows, not every computer user has applied the security update. Moreover, legacy versions such as Windows 8 and Windows XP, which are commonly used in Europe and Asia, are vulnerable. No attacks on MacOS or Linux have so far been reported.

Once infected, the computer displays a message, where the hackers demand $300 worth of bitcoin within three days to unlock the files and threaten to double the fine, before permanently preventing access after seven days. Very few have paid the ransom. Apparently, $51,300 in 193 transactions was sent to the three bitcoin addresses connected to the malware. Then, the blame game started: The U.S. government, so to speak, the NSA has been blamed for developing tools and attacking computers used for banking and commerce.

Eventually, these tools fell into the hands of the attackers. We do not know and will very likely never know who these attackers were. At the same time, Microsoft has taken its share of the blame for not supporting the legacy versions of their software and operating systems. What was interesting is that the attackers demanded the ransom to be paid in Bitcoin; a vast majority the affected users probably did not even know what Bitcoin is or how to get one. Bitcoin is a distributed electronic currency protocol that allows its users to remain anonymous. We can safely guess that many governments around the world will try to make Bitcoin exchanges illegal in order to make it very difficult to change real money into Bitcoins. In fact, Bitcoin plunged more than $200 last week.

Now, we can only wait and see what the future brings.

  • shortlink copied
  • RELATED TOPICS
    fight-against-terrorism DEUTSCHE-BANK US-LIBYA-RELATIONS
    KEYWORDS
    life
    The Daily Sabah Newsletter
    Keep up to date with what’s happening in Turkey, it’s region and the world.
    You can unsubscribe at any time. By signing up you are agreeing to our Terms of Use and Privacy Policy. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    No Image
    Growing NFT craze: World's most expensive crypto artworks
    PHOTOGALLERY
    • POLITICS
    • Diplomacy
    • Legislation
    • War On Terror
    • EU Affairs
    • News Analysis
    • TÜRKİYE
    • Istanbul
    • Education
    • Investigations
    • Minorities
    • Diaspora
    • World
    • Mid-East
    • Europe
    • Americas
    • Asia Pacific
    • Africa
    • Syrian Crisis
    • İslamophobia
    • Business
    • Automotive
    • Economy
    • Energy
    • Finance
    • Tourism
    • Tech
    • Defense
    • Transportation
    • News Analysis
    • Lifestyle
    • Health
    • Environment
    • Travel
    • Food
    • Fashion
    • Science
    • Religion
    • History
    • Feature
    • Expat Corner
    • Arts
    • Cinema
    • Music
    • Events
    • Portrait
    • Performing Arts
    • Reviews
    • Sports
    • Football
    • Basketball
    • Motorsports
    • Tennis
    • Opinion
    • Columns
    • Op-Ed
    • Reader's Corner
    • Editorial
    • Photo gallery
    • Jobs
    • privacy
    • about us
    • contact us
    • RSS
    © Turkuvaz Haberleşme ve Yayıncılık 2021