Over the last 16 months we have been speaking and publishing research on ransomware, spear phishing, and business process and email compromise attacks, and on how these integrated cyber-attacks are becoming more targeted, planned and orchestrated. These methods are highly effective and are becoming widely used by the criminal underground within the dark web.
The recent WannaCry Malware outbreak is a perfect example of how orchestrated and dangerous these attacks have become. We believe this recent attack is just the tip of the iceberg and the next generation of attacks is just beginning to emerge.
The next generation of cyber-attacks will more than likely utilize a number of “old-school” mob and criminal attack techniques but will integrate them with cyber-attack methods. This integrated attack approach will include but not be limited to:
- Profiling and analysis of the target companies, industries, individuals
- Reconnaissance of the target companies, industries, individuals
- Pre-attack simulations or pilots via phishing, ransomware, other automated exploits
- Development and testing of multiple attack approaches and techniques including manual and automated methods
- Deployment of comprehensive and orchestrated multi-touch attacks across various areas of the value and supply chains
- Creation of storefronts and businesses within the dark web used to launder bitcoins, and the formation of fraudulent local websites and physical retailers (individual brokers or locations that are fronts) to buy and sell stolen or pirated products purchased with the bitcoins
About WannaCry Malware
WannaCry Malware is a type of ransomware that targets Windows-based systems and holds the infected systems hostage until payment has been made. It does this by encrypting some or all of the files on the hard drive, such as documents, pictures, and music files. The malware then demands a payment of $300.00, which doubles if not paid within 3 days. If no payment has been made after 7 days, it will erase the encrypted data on the drive permanently.
One of the methods WannaCry uses to spread is an exploit, nicknamed EternalBlue, that was released in the Shadow Brokers dump in April 2017 as part of the NSA leak.
This malware infection grew rapidly towards the end of last week, and by Monday of this week it had affected more than 230,000 computers across 150 countries around the world. These statistics make the WannaCry outbreak the worst ransomware attack to date, due to the speed of infection.
Again, due to the small amount of ransom being requested through the WannaCry attack, we believe this recent attack is a pilot attack that is being used to gather intelligence and information on certain industries and areas of the market, so that a larger, more strategic series of attacks can be designed and then orchestrated.
The Best Defense is a Strong Offense – How to Prevent a Ransomware Attack
If you do not want to fall victim to this type of ransomware attack, there are a few precautions that can be taken as posted by Microsoft at the link below:
Article written by Tyler Rathjen