“As opportunistic attacks become more commonplace, discussions about best practice operational security should be on the agenda for all business owners.”
– Patrick Torney – eDot
The following article written by: Wired
The WannaCry ransomware attack has quickly become the worst digital disaster to strike the internet in years, crippling transportation and hospitals globally. As the unprecedented ransomware attack known as WannaCry unfolds, the cyber security community has marveled at the inexplicable errors the malware’s authors have made. Despite the giant footprint of the attack, which leveraged a leaked NSA-created Windows hacking technique to infect more than 200,000 systems across 150 countries, malware analysts say poor choices on the part of WannaCry’s creators have limited both its scope and profit. At last count, the group behind WannaCry has earned just over $55,000 from its internet-shaking attack, a small fraction of the multimillion-dollar profits of more professional stealthy ransomware schemes.
Over the weekend, Hickey dug into WannaCry’s code and found that the malware does not automatically verify that a particular victim has paid the demanded $300 bitcoin ransom by assigning them a unique bitcoin address. This does not bode well for the victim getting back their data and may limit WannaCry’s profits.