
What Is a Ransomware Attack?
On March 7, 2017, WikiLeaks began releasing a series of hacker tools known as Vault 7. This included malware, ransomware, host services, intelligence documents, as well as a list of known operating system vulnerabilities. The information and tools in Vault 7 were stolen from the US National Security Agency (NSA) and the US Central Intelligence Agency (CIA). The vulnerabilities list, known as Zero Day Exploits, was taken from the CIA. It is, as the name describes, a list of vulnerabilities that exist in desktops, mobile devices, and servers. The CIA reportedly has not shared this information with the respective manufacturers.
Part of Vault 7, known as Year Zero, was taken from the CIA’s Center for Cyber Intelligence. Year Zero is a compilation of documents detailing the activities of the CIA and the 2012 French elections.
This month’s WannaCry attack spread globally to hundreds of thousands of unpatched business and personal computers. EternalBlue is malware developed by the NSA to take advantage of the Microsoft Windows vulnerability that allowed WannaCry to infect thousands of computers. Prior to WannaCry, Microsoft issued an update in March 2017 that patched the vulnerability that allowed WannaCry to work.
What is Ransomware?
Ransomware is a type of malware, commonly referred to as a computer virus. Malware is any type of unwanted application or code that causes harm to a server, system, or computer. The category includes computer viruses, worms, Trojan horses, ransomware, and spyware. Malware steals data, blocks access to a system, removes files, replaces data, or otherwise causes damage.
Ransomware is a form of malware that allows hackers to take control of a system or block access to it. Sometimes ransomware is used to threaten individuals or businesses unless certain conditions are met. Ransomware demands a form of payment or action (the ransom) in exchange for returning control of the system. There is, of course, no guarantee that control will be returned to the system owner when the ransom is paid.
WannaCry infected machines running the Microsoft Windows operating system. After encrypting a computer and blocking all access to it, it then demanded $300 payable in Bitcoin.
What is a Ransomware Attack?
A common malware attack tactic is to send an email to a user. The email typically appears to come from someone the recipient knows or a place they do business with. The email prompts the recipient to click on a link. These emails can be phishing scams that attempt to gather personal information from the recipient, such as credit information or a social security number. Clicking a link can also download malware and install it on the computer.
Once the malware is on a machine, it begins to steal data, erase files, or cause some other damage. In the case of ransomware, it restricts access.
Malware also works to spread itself to other computers, encrypting systems or files along the way. Malware can be spread through internet downloads, pop-up boxes on websites, sharing USB drives, or vulnerabilities in outdated applications.