Was WannaCry Worth It?

"The fact of the matter is that governments and businesses around the world should not only feel old, they should feel humiliated and disgraced." -- Adam Currie via TheDuran.com per ZeroHedge

On Friday, May 12th, 2017, over 230,000 computers and servers that were still running the long-outdated Windows XP platform were hit by a variation of the WannaCry virus. People in 150 countries were affected, notably thousands of patients seeking health services in the U.K. Apparently, during an era when City of London bankers have enjoyed unprecedented wealth, the health services in the U.K. have been too underfunded to keep up with their Microsoft patches and operating system upgrades.

Interestingly, the Ransomware attack didn't make much of a splash in the U.S. which passed the day largely unaffected by the attack. On the other hand, Russia was unhappily one of the countries who saw the infection within its borders. Some news bloggers have suggested this might have something to do with the prevalence of pirated copies of Windows software sitting all over Russian desktops. Naturally, those copies are always update-free.

This 2-minute news video from Al-Jazeera asks UK residents to describe what they came up against last Friday morning when they checked in at hospitals and clinics:

https://www.youtube.com/watch?v=cVq9FHgDFMQ

ZeroHedge re-posted comments by Adam Currie, as referenced at the top of this page which, in essence, stated that people get the viruses they deserve. You can't ignore those annoying Windows Update demands forever. According to the UK Mirror, a whopping 140 million computers are still running Windows XP. And that means this brush fire might not yet be permanently extinguished.

MalwareTech Guy to the Rescue

The interesting part of this hacker event was how its killswitch became evident. A hacker group known as Shadow Brokers is being blamed for the incident. The website DrGregScott.com explains what happened:

"Apparently, the US National Security Agency found a Windows vulnerability at an unspecified time in the past and kept it a secret. Somebody penetrated the NSA earlier this year and stole more secrets, including this vulnerability, and a group that calls themselves Shadow Brokers published it. Somebody looked at what Shadow Brokers published and built a malicious software package around this vulnerability to scramble documents, emails, databases, and pretty much everything useful it can find. The malicious software also searches the network to which it’s connected for other vulnerable systems, copies itself to those systems, and exploits the vulnerability to launch a copy of itself on the new system. Once unleashed, it spread fast, shutting down a large telecom carrier in Spain and several hospital chains in England. Apparently, the Russian Interior Ministry and several universities in China were also victims. It’s come to be known as the WannaCry worm."

https://twitter.com/MalwareTechBlog/status/863364498215890948

A dynamic duo comprised of two geek extraordinaires named "Kafeine" and "MalwareTech" inadvertently discovered WannaCry's killswitch. Once you hear how the virus suicided itself, you might wonder admiringly at its simplicity. According to this summary at JSonline.com [linked here]:

"MalwareTech noted that Kafeine passed him the sample so he could begin to reverse engineer it to see how it did what it was doing.

One of the first things MalwareTech noticed was that as soon as it installed itself on a new machine, the malware tried to send a message to an unregistered Internet address, or domain name.

He promptly registered that domain, so he could see what it was up to. This was at around 3 p.m. in London, 10 a.m. ET.

The registration wasn't done on a whim, he noted. "My job is to look for ways we can track and potentially stop botnets (and other kinds of malware)," he wrote on his blog.

However, in doing so, MalwareTech had inadvertently stopped the entire global attack in its tracks, though it took him and others awhile longer to realize it.

"Humorously," he wrote, "at this point we had unknowingly killed the malware."

The malware contained computer code that pinged an unregistered Web address, and if it didn't get back a message saying the address didn't exist, it would turn itself off. Computers that were already infected with the ransomware weren't protected but the ransomware stopped spreading except in isolated systems, said Williams."

The virus was expecting some particular domain address to be a "dead" bounce-back domain. For as long as the domain bounced back its pings as undeliverable, the virus continued living. But when that domain got registered as a "live" domain address, it stopped bouncing back the pings. And then the virus died and the brush fire from last Friday got halted. For now.

Not Much of a Ransom

I wondered if any of the victims actually paid the Bitcoin ransom. According to KrebsOnSecurity.com, only a handful of people paid up. Other news reports have mused that, with so much public scrutiny on this WannaCry attack, it's unlikely that the perps will risk detection by actually picking up their loot. Krebs said that only $26,000 was paid by the victims to the hackers [linked here]:

"As thousands of organizations work to contain and clean up the mess from this week’s devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what’s being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam."

That begs the question if this attack might have been the work of somebody who really doesn't need the money. Or perhaps it was done for the usual hacker sociopath notoriety motives: "I climbed the mountain because it was there" type of thing.

Dead or Just Sleeping?

As noted above, 100 million computers still run Windows XP and are still vulnerable to attack. Could it happen again? You bet it can. In fact, a computer virus, like the real thing, can mutate. That same website of DrGregScott.com comments on the likelihood of a second appearance of the virus:

This specific outbreak is contained. But it’s trivial to introduce another strain without a kill switch, or that checks for a different domain name registration. Just like biological viruses mutate, WannaCry will too.

That website has more Q&A's on the whole WannaCry affair plus a link to Microsoft's WinXP update page if you need to get the patch. And shame on you if you do.

Yes, yes, we all hate sitting like an idiot in front of our Windows screens wondering how an update can be "100% complete" and yet unfinished at the same time. So if that is exactly what you are doing right now, I'll leave you with a classic croon from Lesley Gore to pass the time:

https://www.youtube.com/watch?v=mCPqaG8sVDE


My contact information with link to my Karatbars portal are found at my billboard page of SlayTheBankster.com. Listen to my radio show, Bee In Eden, on Youtube via my show blog at SedonaDeb.wordpress.com.

https://www.youtube.com/watch?v=UsIp3YdCXBU

6 Comments

Bankster Slayer

"When I look back on all the crap I learned in high school, it's a wonder I can think at all." -- the "Kodachrome" song by Paul Simon, 1973


I grew up in a quiet, small, city east of the San Fernando Valley, Los Angeles County, in Palmdale, California. I'm not quite old enough to remember the assassination of JFK, but do remember the assassination of Brother Bobbie on an early summer's day. I was finishing up my first grade at the elementary school just up the street from our suburbia house. Maybe that was when I became self-aware that something wasn't right. When I saw the events of that day unfolding on our new color TV, I remember a thought passing through my 6.5 year old mind. And silly me assumed that everybody else was also holding this same belief because it seemed so obvious to me:

 

"The President and his brother must have been killed by the same people."


I don't know how a little first-grader was able to come up with that conclusion. That certainly wasn't the sort of idea you would expect to be rumbling around the brain of a little kid. But it kept rumbling in mine and still does, to this day.


The people of my generation passed through the Space Race, the Vietnam War, Watergate, the Disco Era, Yuppies, the World Wide Web, and Irrational Exuberance. Throughout this entire period, a relentless Matrix Machine has been whirring in the background of our lives, unnoticed and largely unchallenged. In fact, that Machine has been whirring for centuries.


I guess it was inevitable that the 6.5 year old kid who once questioned the official doctrine of the Kennedy assassinations would one day swallow her own Red Pill. And so I did, following the 2008 Crash, as I watched the financial lives of my parents and myself collapse into disaster as the equity of our homes evaporated into the dry Arizona air.


I finally came to that moment as have so many readers and contributors of Rogue Money, that day when you finally stop and ask "Why did this happen?" I started reading, researching, listening. Gradually the bricks of The Matrix began to crumble. The monstrous beast was no longer hidden from view. 


And so I join this team of writers and readers who are all trying to Slay the Bankster Beast in their own way. We carry on with confidence because no Evil has ever stood forever against the onslaught of Truth. Undaunted, we move forward.

 
You will find that my contributions to the Rogue Money web site will focus on the deep history that created The Matrix in the first place. In other words, you won't find any opinion forthcoming on this-or-that presidential election ... unless you are talking about the overthrow of regimes 2- or 3- thousand years ago. In that case, I might be interested!


I make no apologies if what you hear steps on the toes of a long-cherished paradigm. I am just A Messenger. In fact, you will find that my blogs will invite your comments to provide additional pieces of information that perhaps you may have gleaned from your own research. I have many holes that need filling.


You've been told what, how, when, and where to think your whole life. I leave it up to you to exercise your own Mind and take appropriate Action to slay the monster for yourself.


My own web site, Twitter page, Facebook and some-time blogs are found here if you care to visit: 
1. SlayTheBankster.com 
(promotional site. Karatbars affiliate)

2. sedonadeb.wordpress.com
(my blog that started it all)

3. Posts on BeforeItsNews.com 

4. twitter.com/banksterslayer

5. www.facebook.com/debra.caruthers