High-profile Aussies targeted by ransomware stolen from the NSA

A cyber attack named “WannaCry”, which affected more than 200,000 people in over 150 countries over the weekend, has made its way to Australia.

ABC News reports that at least one Australian company appears to have been targeted by the attack, with the possibility of more in the days to come.

“We are now getting reports that there might be two other incidents so that would bring the total number of incidents in Australia to three,” Dan Tehan, Assistant Minister for Cybersecurity told ABC News, “…what we are seeing is the exact same features that have occurred overseas: a freezing of their IT systems and a ransomware note.”

Tehan called the attacks a “wake-up call” and added that government departments would protect the small-to-medium-sized private sector businesses that are targeted.

It is thought that the cyber attack hit Britain’s National Health Service (NHS) first and spread from there. According to The Washington Post, it then moved on to networks in countries including Germany, Spain, China, Russia and India.

Famous whistle-blower Edward Snowden tweeted that the malware used in the attack is ransomware stolen from the U.S. National Security Agency (NSA).

The hackers use the tool to encrypt files within targeted computers, “locking” the files and making them inaccessible. After this, a ransom is demanded to release the files, typically $USD 300 in Bitcoin.

Wired reports that WannaCry (also known as WannaCrypt and Wanna Decryptor) attacks a vulnerability called MS17-010, which is linked to Microsoft machines and can affect Windows Vista, 7, 8, 9, 10 and versions of the Windows Server software.

Microsoft fixed MS17-010 in its March release, but it is likely that the NHS and other affected entities did not patch their devices in time to counter the attack.

The attack caused widespread disruptions to the NHS, interrupting medical procedures across hospitals in England and Scotland. The attack also appeared on screens in Deutsche Bahn, Germany’s national railway service, but did not affect any trains.

Things could have been much worse if it wasn’t for the work of an unnamed 22-year-old British cybersecurity researcher.

The researcher, known only by the Twitter handle “MalwareTech”, discovered a “kill switch” that halted the massive outbreak.

According to The Guardian, MalwareTech teamed up with Darien Huss from the security firm Proofpoint and they found the kill switch hardcoded into WannaCry. It was presumably placed there just in case the hackers wanted to make it stop.

The kill switch involved a very long and nonsensical domain name that the malware makes intermittent requests for. If that domain is live, the switch takes effect and the malware stops spreading. MalwareTech told The Guardian he bought the domain name for the bargain price of just $USD 10.69, thus stopping the spread of the malware.

Although MalwareTech prefers to remain anonymous, The Guardian did uncover that he is self-taught and still lives at home with his parents. Since making headlines, MalwareTech has tweeted that he has been “doxxed” by journalists.

He also warned that the next version of WannaCry might not be so easily dealt with. In the meantime, Windows machines should be patched immediately.

About the author

Stefan is an Adelaide-based freelance writer. In his spare time, he plays tennis badly, collects vinyl and brushes up on his Mandarin.
