A major ransomware outbreak hit Chinese internet users earlier this year in April. For about a week, a ransomware strain known as WannaRen claimed tens of thousands of victims among both home consumers and local Chinese and Taiwanese companies. In retrospect, four months later, WannaRen's virality can be explained by the fact that its code was loosely modeled after WannaCry, the ransomware strain at the heart of the May 2017 global outbreak. Just like their inspiration, the authors of the WannaRen ransomware incorporated the EternalBlue exploit into their infection chain, allowing WannaRen to spread without restrictions inside corporate networks before encrypting and ransoming files.
North Korea was behind the WannaCry ransomware attack that caused chaos around the world earlier this year, according to the US government. "After careful investigation, the U.S. today publicly attributes the massive WannaCry cyberattack to North Korea," Thomas Bossert, US Homeland security advisor, wrote in an article for the Wall Street Journal. "North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behaviour is growing more egregious. WannaCry was indiscriminately reckless," Bossert said. The WannaCry attack in May was the biggest crisis of its type so far.
A new wave of apps appearing in the Google Play Store purport to protect devices against the WannaCry ransomware attack that infected hundreds of thousands of computers around the world earlier this month, but may present their own security risks. Security firm McAfee found a number of apps in the Google Play Store that appear when a user searches "WannaCry." Most are guides and reminders to patch Windows to protect against the ransomware attack, or pranks that make it appear a device has been infected, but several prey on concerned users while loading malicious services. McAfee classified an app called WannaCry Ransomware Protection as a potentially unwanted program, with the app offering no actual protection and instead displaying ads and attempting to get the user to download more related apps. The WannaCry Ransomware Protection app does contain a scanner feature that can detect a few malicious ad libraries -- a feature that appears to be hijacked and repacked from another app.
Funds collected by the WannaCry ransomware attack that held hostage hundreds of thousands of computer systems around the world earlier this year have started to be withdrawn from online bitcoin wallets. A total of 52.2 bitcoins, valued at about $143,000, were withdrawn from the wallets overnight. The withdrawals, which were made in increments of about $20,000, started around 11 p.m. ET on Aug. 2 and completed at 3:25 a.m. The withdrawals were confirmed by Elliptic, a London-based security firm that monitors and tracks bitcoin activity. According to the firm's tracker of bitcoin wallets associated with WannaCry, the accounts have been drained in their entirety.
Since the WannaCry ransomware ripped through the internet late last week, infecting hundreds of thousands of machines and locking up critical systems from health care to transportation, cryptographers have searched for a cure. Now one French researcher says he's found at least a hint of a very limited remedy. The fix still seems too buggy, and far from the panacea WannaCry victims have hoped for. But if Adrien Guinet's claims hold up, his tool could unlock some infected computers running Windows XP, the aging, largely unsupported version of Microsoft's operating system, which analysts believe accounts for some portion of the WannaCry plague. On Friday, Guinet released "WannaKey" to the open source code repository GitHub.