The cyber attack that hit nearly 150 countries in the second quarter of 2017 is now contained. It took five days of mobilization to stem the spread of a particularly virulent piece of ransomware that infected nearly 300,000 computers in just five days. Luckily, the WannaCry malware is no longer spreading as fast as it was at the start.
Most of the affected public institutions and large businesses say they have recovered their servers. The Renault factories targeted by this attack, which were briefly paralyzed, have resumed their activity. The computer services of the UK healthcare institutions hit by the same malware were dealt with later.
According to Europol, the number of infected IP addresses worldwide has decreased by 38% compared with the initial attack. However, the extent of the damage remains unknown in many countries, beginning with Russia and India, which were heavily affected by this attack.
Despite the slight slowdown, WannaCry continues to spread rapidly, targeting companies around the world. With one intrusion attempt every three seconds, compared with one attempt per second previously, the threat remains significant.
Analysis of this malicious program made it possible to establish a link with the attacks that had targeted “Sony”. There are common lines of code between WannaCry and the malware found on the servers of the Japanese company. In addition, the malicious software also had troubling similarities with the one used against the “Central Bank of Bangladesh” in February 2016.
The many similarities confirmed by the researchers of the Russian group “Kaspersky” lend credence to the idea that this attack could have been prepared by the hacker group “Lazarus Group”, which had made itself known in 2007 during a wave of attacks against South Korean companies. The nature of these targets had led the intelligence services of several countries to assert that the attackers were acting in favor of North Korea.
The fear of a mutant version of the virus
It cannot be ruled out that a new version of this malware will arise in the coming days. A piece of malware more discreet and insidious than WannaCry has just appeared; it exploits the same Windows flaw as WannaCry but is intended to remain stealthy and can even be used to generate virtual currency. This particularly unobtrusive new attack clearly demonstrates the potential impact of a cybercriminal or a group of hackers who decide to stealthily insinuate themselves into an organization’s network over the long term in order to identify intellectual property data, financial data, and sensitive emails.
Even though they had feared an incident of this type on the global network for several months, cyber security professionals were surprised by the violence of the attack. The speed at which the malware spread was particularly dramatic. After being detected for the first time, it was spotted a few minutes later on the five continents.
Years ago, Peter Tippett, a forerunner in cyber security, coined the term “virus disaster” to describe the situation in which more than 25 machines connected to a single network are infected, calling it a “tipping point” requiring a complete shutdown of the network.
The new WannaCry ransomware, which locks all files on an infected computer until the user pays a ransom, appears to have plunged entire sections of critical infrastructure into a virus disaster around the world. This attack will be a key point in the evolution of cyber security.
Many questions remain, such as how this cyber attack began. This is not a phishing campaign (where the virus is injected into servers through emails carrying infected attachments). We are still looking for the entry point. This means that the door remains open for hackers!