This is a big one that happened globally this month and it put the previous malware attacks to shame during the Windows XP days and especially that even my previous computer was infected back then with things popping up out of nowhere, indecent computer performance due to something running in the background and other things that slow the computer down. That ransomware is called, the Wannacry/Wannacrypt, or whatever you may want to call it. I guess that it is both a ransomware and a worm, demanding victims to pay up to decrypt the data and get it back and the cyber attack spread so quickly like wildfire as a worm. I have some guesses that the attackers have the most mischievous and childish behavior. To put an end to their future one day may cause a serious emotional reaction from them like they can deny whatever childish shit they did. Anyway, there won’t seem to be a point in paying up to get your data back but the best thing is that such attacks shouldn’t happen to your computer in the first place. By having to pay up to the attackers, there may be a chance for them to plan another attack.
The cyber attack targeted systems running Windows including the servers and even embedded systems. I AM NOT KIDDING about even embedded systems becoming the victims! It had targeted tons of organizations including the standard users and the solutions by the tech companies and security researchers were already outpaced by the attackers by this time with the new version of the attack that goes against the kill switch.
Generally, without data backup, security patches and even the latest virus database, you’re already screwed if your data is encrypted by the attackers. What do you do when that happens? Do you reinstall Windows or something? Even using the other hard drive isn’t going to help and don’t bother paying up the ransom.
This isn’t the ordinary cyber attack everyone has discovered as the attackers might have used the tools that were leaked from National Security Agency. The tools were leaked by another cyber-attack group called The Shadow Brokers, without the agency’s knowledge but from the amount of exploits discovered by Microsoft, they were fixed with patches you should get via Windows Update. Originally, before the leak, the tools had been used for surveillance but the leakage already opened doors for other cyber-attackers and investigation is going to take months or years to find the culprits behind the attacks.
Right now, I’m not infected with this cyber catastrophe but being vigilant from cyber-attacks is one important key as there’s a chance of the malware being evolved after the solutions are discovered or something for instance.
Lastly, about embedded systems infected by this, there are already such cases like in these picture tweets for instance:
Do you expect the manufacturers to deploy the patched OS in addition to the main embedded programs? You can call the staffs about such non-ordinary technical problems you’ve seen but the thing is, are they able to take technical actions like that? In case of arcade staffs, reinstalling the OS along with the latest update of the game isn’t going to drive that ransomware away. WHERE IS THE FIREWALL FOR THOSE MACHINES? Will the games still work without lag while the firewall stuff is running? And do you include the firewall and antivirus software in the Windows embedded system? Jeez, when the Windows embedded machine starts, either it goes to the desktop mode awaiting commands from the user, or it starts up the program automatically after login. By the way, the tweets are entirely in Korean and the cyber-incidents took place at some arcades in Korea but I hope that I don’t see such bullshit in the local arcades as well.
It’s a cyber catastrophe at a global level and if the culprits behind it are not found ASAP, who knows what will happen next?
One more thing I forgot to mention is about disabling the SMB as the workaround to this extraordinary cyber threat. In addition, Microsoft already had released the important security patches that you should apply like I already did. Well, I sort of patched my computer with the April and May security rollup patches but it seemed that I wasn’t able to get the January one. Not to mention that even Windows Defender/Microsoft Security Essentials has the latest virus database so it looked like Microsoft said that Windows 10 users are secure with it and the security patches. However, there is a fear/worry that this safeness will not last long. I can also hope that even the editions of Windows that don’t support running EXE files should be patched as well. Lastly, needless to say, catching cyber-criminals is no easy task. Not only is the investigation taking months to years or something, but also the fact that they have to be careful in tracking down the cyber-criminals without violating people’s privacy. Violating people’s cyber-privacy is unacceptable even by mistake as there will be lawsuits against organizations or perhaps cyber-criminals.