Back to back ransomware attacks have had catastrophic effects individuals, businesses and nations as a whole.
If 2017 already hadn’t had its fair share of cyber-attacks, the world was introduced to another major cyber-attack on Tuesday, 24th October 2017. The virus which has been nicknamed “Bad Rabbit”, first unleashed itself with full force on Russian and Ukrainian infrastructure, taking down governmental and transportation organisations.
The virus, just like most of its predecessors, poses as an Adobe update, fooling its way into computers and locking down systems. What follows next is the usual extortion of money in exchange for the stolen valuable data.
2017 so far has been an unfortunate year for the cybersecurity universe. Businesses and corporations have been severely targeted. Bad Rabbit is just an addition to the extensive list of security meltdowns to happen in this calendar year. Below we talk about the most high-profile security breaches which have materialised so far, this year.
Shadow Brokers, a covert hacking group first came into the public eye in August 2016 when they claimed to have breached the spy tools of the elite NSA-linked operation known as the Equation Group. The group offered a sample of alleged stolen NSA data and tried to auction off a bigger booty, subsequently leaking data for Halloween and Black Friday in 2016.
April 2017, however, saw The Shadow Brokers make their mark with their most impactful release yet. It involved a trove of highly classified level alleged NSA tools, containing a Windows exploit identified as EternalBlue, which cyber criminals weaponised in two major ransomware attacks (see below).
Although the real identity of the Shadow Brokers is still a mystery, the group’s endeavours have invigorated arguments around the risk of using bugs in commercial products for gaining intelligence. Agencies tend to not disclose these flaws, instead of alerting the manufacturers of a particular software so they can release patches which would protect its consumers from the vulnerabilities. These tools hold the potential to endanger millions of software users if in wrong hands.
On May 12, the world witnessed what was essentially its biggest ransomware attack to date, targeting hundreds and thousands, counting public utilities and large corporations. Remarkably, WannaCry the ransomware, for the moment, crippled National Health Service hospitals and facilities in the United Kingdom, shambling emergency rooms, suspending vital medical procedures, and spreading chaos across British health and medicine industry.
Though powerful, the ransomware also had significant flaws, including a mechanism that security experts effectively used as a kill-switch to render the malware inert and stem its spread. US officials later concluded with “moderate confidence” that the ransomware was a North Korean government project gone awry that had been intended to raise revenue while wreaking havoc. In total, WannaCry netted almost 52 bitcoins, or about $130,000—not much for such viral ransomware.
WannaCry’s reach owes credit to the leaked Shadow Brokers Windows vulnerabilities, EternalBlue. Microsoft did release the MS17-010 patch for the bug in March, but apparently many organisations failed to follow it and were consequently exposed to WannaCry infection. Things have recently taken a bizarre turn as Britain’s Security Minister Ben Wallace claims WannaCry to be an act of North Korea.
A month later, came another surge of ransomware attacks on a global scale, which, to some extent also leveraged Shadow Brokers Windows exploits. This malware, named Petya (NotPetya/Nyetya/Goldeneye), was far more advanced and brutal than WannaCry in more than one ways but wasn’t unbreakable either. It incorporated ineffective and inefficient payment system.
Despite infecting many major business corporations in multiple places namely Merck, the US pharmaceutical company, Maersk – Danish shipping company, and Russian oil giant Rosnoft—researchers believe the ransomware was primarily a cyber-attack targeting Ukraine. The ransomware infected Ukrainian infrastructure mostly, upsetting utilities like power companies, airports, public transit, and the central bank, just the latest in a series of cyber assaults against the country.
The latest in the high-profile ransomware cyber-attack in 2017 is the Bad Rabbit.
The malware used for this cyber-attack was “Disk Coder.D” – a new variant of the ransomware which popularly ran by the name of “Petya” (read above). As per the media reports, many computers have been encrypted with this cyber-attack. Public sources have confirmed that Kiev Metro’s computer systems along with Odessa airport as well as other numerous organisations from Russia have been affected.
Bad Rabbit penetrated through computer systems by donning as an Adobe update and locking down systems in exchange for extortion money. Although cybersecurity experts have advised users not to pay any ransom as there is no guarantee attackers would fulfill their end of the bargain.
It can be concluded that all these cyber-attacks were connected in a manner that they started off where their predecessor left and only coming back stronger. Some accuse the CIA of fault by staying quiet about the EternalBlue vulnerability. One theory even goes as far as to question the intentions of US and with the past attacks seemingly being targeted towards Ukraine, one cannot just label it “stupid and baseless” and dismiss the whole argument.
So, we’re barely past the 3rd quarter and we have already witnessed four different kinds of attacks, each more impactful than its predecessor. With the way things have been so far, it’ll be interesting to see where the tide turns and what the future brings.
Maybe a new threat is waiting for the right time to strike. Maybe these have just been a part of a massive attack. Maybe some government really is involved in the series of these attacks. Or maybe not. Maybe it’s just a reality check. Maybe it’s a sign that the hackers have just leveled up their game and we really haven’t been able to cope with this fact. Whatever it is and has been so far, it seems 2017 has been a bad, bad year for internet users in terms of cybersecurity and a reminder that none of us can really feel safe unless we change our perspectives about the web and how we can at least prevent all of it from happening.
Tech and Cyber Security Blogger
Brad Haddin is a wordsmith who loves to explore the world of technology. What he loves even more is to take time out and express his feelings about the things and the gadgets he explores. Brad is also an avid gaming fan and when he’s not busy crafting sentences, he’s out there playing Overwatch and Battlefield on his Xbox One.