There are different types of ransomware, according to Microsoft. rir , demanding money to decrypt . This was worse than the Melissa virus and most pop-ups that tell people there may be a virus on their computer and give them a number to call for repairs.
They can target any PC user, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or health care provider.
Ransomware—What it does
- Prevent users from accessing Windows.
- Encrypt files so people can’t use them.
- Stop certain apps from running (like the web browser).
Ransomware will demand payment of money (a “ransom”) to get access to the PC or files. We have also seen them make the user complete surveys.
There is no guarantee that paying the fine or doing what the ransomware demands will restore access to the PC or files.
The ransomware typically contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – and threatens to destroy the information if it doesn’t get paid, often with a timer attached to ramp up the pressure.
Ransomware WannaCry—The North Korean connection
Technical details within an early version of the WannaCry code are similar to code used in a 2015 backdoor created by the government-linked North Korean hackers, who were implicated in the 2014 attack on Sony Pictures and an $81m heist on a Bangladeshi bank in 2016. Lazarus Group has also been known to use and target Bitcoin in its hacking operations. The similarities were first spotted by Google security researcher Neel Mehta and echoed by other researchers including Matthieu Suiche from UAE-based Comae Technologies.
This does not mean, however, that the same group or groups are responsible for the major cyber attack that occurred over the weekend. Anyone with computer coding knowledge could easily duplicate the code as a ‘false flag’, thereby confusing those assigned to find the culprit. That is only possible if they can find the original code, which appears not to be in later versions of the WannaCry program.
The WannaCry exploits used in the attack were drawn from a cache of exploits stolen from the NSA by the Shadow Brokers in August 2016. The NSA and other government agencies around the world create and collect vulnerabilities in popular pieces of software (such as Windows) and cyber weapons to use for intelligence gathering and cyber warfare.
How did Ransomware WannaCry differ from the Melissa Virus?
The ransomware typically contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – and threatens to destroy the information if it doesn’t get paid, often with a timer attached to ramp up the pressure.
Melissa is a fast-spreading macro virus that is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent to the first 50 people in each of the user’s address books. While it does not destroy files or other resources, Melissa has the potential to disable corporate and other mail servers as the ripple of e-mail distribution becomes a much larger wave. Melissa caused the Microsoft Corporation to shut down incoming e-mail. Intel and other companies also reported being affected. The U.S. Department of Defense-funded Computer Emergency Response Team (CERT) issued a warning about the virus and developed a fix.
This reminded me of the pop-up alerts of a possible virus being on my computer and giving the user a supposed 800 number to call for repairs. The computer tech requested payment before proving their ability to fix the problem. The same thing happened in August 2014. The person on the phone, a foreigner with a thick Indian accent, saying he was affiliated with Microsoft, warned me of the same thing and spent the next seven hours trying to gain access to my laptop unsuccessfully. This same company ‘bothered’ me for the next four or five months until I reported them to the credit card company and FTC. The ironic thing was that someone with a thick Australian, English, or New Zealand accent called me a year later claiming the same thing. I relayed the same story to the FTC again.
At this time, that company has called me twice. The first time, the PCSpeedy affiliate said they no longer support Windows XP. Microsoft support ended in April 2016. The last two phone calls stated that they lost their affiliate status from Microsoft and had to pay its customers back.
Ironically, Microsoft issued a special fix for older Windows operating systems in custom support only, like Windows XP, 8 and Server 2003, to prevent the massive ransomware attack that occurred in the UK last weekend. Even more extraordinary, the ransomware program had a kill switch, discovered by someone in their early 20s. For the moment, the attack has lessened. Microsoft has warned the public that no one should continue using older Windows operating systems.