The news of last week, and possibly of this week too, was the ransomware attack suffered by many companies.
The first to raise the alarm was the Spanish telephone company Telefonica, but it has since become known that many more companies were affected. Over time we have learned that this is a global phenomenon and that the country most affected is Russia.
From what is known so far, the attack uses two very sophisticated techniques, well beyond the reach of ordinary users:
- To gain access to computers it uses a security hole that was known (and surely exploited) by public security agencies such as the famous NSA. As soon as that security bug became vox populi, Microsoft released a patch that prevented infection on computers running Windows versions later than Windows 3, NT, 95, 98, 2000 and XP, which have already reached end of life and receive no updates. It is astonishing that there are companies and public institutions that keep vital data on old, unpatched and unprotected systems. In fact, it is possible that a good part of the infections occurred on computers for which the update was available but had not been applied.
Knowing the IP address of one of these computers (as simple for high-level cybercriminals as it is for you to look at a car and read its licence plate) is enough to enter through this back door. On this occasion it seems that the attackers have also used one more vulnerability to spread the infection to every computer and network drive connected through a Windows network.
- Once the “virus” is inside, a program is installed that searches for text files, spreadsheets, databases, graphics, presentations and documents of all kinds, and changes their extension to one that requires a password to open. That is what they ask the money for: to give you the password. The idea is that once the bitcoins are paid, your computer connects to a server, which transmits to the hijacker program a password to decrypt the files so that you can go back to work.
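The behaviour just described, a program sweeping a machine for documents and appending a new extension to each of them, is also what gives a defender the fastest signal: many files in many folders gaining the same unfamiliar suffix within seconds. The following Python script is an added example, not part of the original post and not the malware's or any vendor's code. It replays a constructed list of file-rename events, of the kind a simple file-activity monitor would record, and raises an alert when at least a threshold number of documents gain the same appended extension inside a short time window. The paths, the `.LOCKED` suffix, the 60-second window and the threshold of five are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Constructed sample of rename events: (ISO timestamp, old path, new path).
# The ".LOCKED" suffix and the paths are made up for this example; they are
# not the extension or the locations used by the real malware.
SAMPLE_EVENTS = [
    ("2017-05-12T10:00:00", "/srv/share/finance/q1.xlsx",    "/srv/share/finance/q1.xlsx.LOCKED"),
    ("2017-05-12T10:00:01", "/srv/share/finance/q2.xlsx",    "/srv/share/finance/q2.xlsx.LOCKED"),
    ("2017-05-12T10:00:01", "/srv/share/hr/contract.docx",   "/srv/share/hr/contract.docx.LOCKED"),
    ("2017-05-12T10:00:02", "/srv/share/hr/photo.jpg",       "/srv/share/hr/photo.jpg.LOCKED"),
    ("2017-05-12T10:00:03", "/srv/share/sales/deck.pptx",    "/srv/share/sales/deck.pptx.LOCKED"),
    ("2017-05-12T10:00:03", "/srv/share/sales/leads.sqlite", "/srv/share/sales/leads.sqlite.LOCKED"),
    # Benign activity hours later: a user renaming a draft and converting notes.
    ("2017-05-12T14:30:00", "/srv/share/hr/draft.docx",      "/srv/share/hr/draft_v2.docx"),
    ("2017-05-12T14:31:00", "/srv/share/hr/notes.txt",       "/srv/share/hr/notes.md"),
]

# Extensions of the document types the post says the program goes after
# (text, spreadsheets, databases, graphics, presentations). Assumed list.
DOCUMENT_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".jpg", ".png", ".sqlite", ".mdb"}


def appended_extension(old_path, new_path):
    """Return the suffix appended to a document by a rename, or None.

    'report.docx' -> 'report.docx.LOCKED' yields '.LOCKED'. A rename that
    changes the base name, moves the file, or starts from a non-document
    extension is treated as ordinary user activity and yields None.
    """
    old = PurePosixPath(old_path)
    new = PurePosixPath(new_path)
    if old.suffix.lower() not in DOCUMENT_EXTS:
        return None
    if new.parent != old.parent or not new.name.startswith(old.name + "."):
        return None
    return new.name[len(old.name):]


def detect_mass_extension_change(events, window_seconds=60, threshold=5):
    """Flag bursts of document renames that append the same new extension.

    Events are processed in time order; for each appended extension a sliding
    window of recent timestamps is kept, and one alert is emitted the first
    time that window holds at least `threshold` renames. Each alert is a dict
    with the extension, the timestamp of the first rename in the burst and the
    number of renames seen at the moment of alerting.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # appended extension -> timestamps inside the window
    alerts = []
    already_alerted = set()
    for ts_str, old_path, new_path in sorted(events):
        ext = appended_extension(old_path, new_path)
        if ext is None:
            continue
        ts = datetime.fromisoformat(ts_str)
        q = recent[ext]
        q.append(ts)
        while q and ts - q[0] > window:   # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and ext not in already_alerted:
            already_alerted.add(ext)
            alerts.append({"ext": ext, "first_seen": q[0].isoformat(), "count": len(q)})
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_extension_change(SAMPLE_EVENTS):
        print(f"ALERT: {alert['count']} documents renamed to *{alert['ext']} "
              f"starting at {alert['first_seen']}")
```

On the constructed sample this raises a single alert for `.LOCKED` once the fifth document is renamed, three seconds into the burst, while the two afternoon renames never match because the base name changed. A real deployment would feed the function from the operating system's file-change notifications and tune the window and threshold to the normal rename rate of the share being watched.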
However, all of this is much more transparent on the Internet than it seems. To get an idea, it is like kidnapping someone and asking the family to send us the ransom by bank transfer to our account. Is there a clearer clue to the kidnapper's identity than his bank account? The situation here is similar: the kidnappers ask for payment in bitcoins, which are transparent by nature (it is already known that in the first hours they collected approximately $6,000), and, secondly, to provide you with the password they have to send it from somewhere that is easily traceable (not by you and me, but by the NSA).
In fact, it is possible that this attack fails because it appears to have slipped out of its creators' hands, turning them into global terrorists (they are blocking even hospitals); exposing themselves to collect the money would be like painting a bullseye on their backs.
So why don't these attacks stop?
Because some countries do not want them to: Russia, China and North Korea (mainly, though there are a few more) refuse to cede their sovereignty to investigate, pursue and punish criminals who act, mainly, in Western countries, where the money is. As simple as that.
In any case, let's not forget that the Internet is owned by the United States Government, which decides who is in and who is out, so presumably there are strategic interests in keeping all those countries inside before things get really ugly.