Tuesday, May 16, 2017

Trojans and RansomWare explained in light of WannaCry RansomWare

Over the past week, around 200,000 systems are believed to have been hacked by wannacry ransomware. Let's start with some background first, and then move into the details-

Trojans

Before you know what Ransomeware is, it's important to know what trojans are. We can broadly classify malicious computer programs into 2 categories-
  1. Spread wildly and attack destructively
  2. Spread surgically and attack covertly
The first category comprises the typical viruses that infect your computers, get inside your USB, copy themselves to every avenue they can. They slow down your computer, limit it's functionality, and in general, make a lot of changes that make them easy to detect. These, in general, serve no particular useful purpose for the writer of the malicious code, other than perhaps giving them the lulz or maybe some sense of accomplishment. Also, once spread, there is very limited amount (or none at all) amount of control that the writer of the malicious code has on it's actions.

The second ones are the precisely crafted viruses called trojans. These hide behind legitimate files, spread only through very few avenues as seen fit by their programmer. Let me make this point a bit clearer-
  1. Most viruses would copy themselves to all devices attached to the infected system, try to spread via the network, internet etc. from the infected system.
  2. Trojans will not automatically copy themselves. They will stay hidden and inactive.
As with everything else, the means of spread of trojan is also precise. The malicious code writer will hide them behind a legitimate file, and then spread this file using social networks, spam mails, etc. This way, only those computers will get infected that the attacker wants to infect.

What are some examples of trojans-
  1. Remote Administration Tools (RATs) - These are trojans which, when installed on the system, silently position themselves in such a way that they allow the attacker to control the system remotely. This means that the attacker can browser all your files, read all your data, see what you're typing (hence get all your accounts and passwords), get a live feed of your screen, and access your webcam. As you can clearly see, as opposed to other viruses, trojans have specific use for the malicious author. He now controls the infected computer.
  2. Botnet - This is a special use of a freely spreading trojan whose purpose is to infect as many computers as possible with a RAT like functionality but less control on who gets infected. This reduced control and increase rate of spreading is important because of the purpose of a botnet. Botnet is basically a large network of infected computers which the attacker uses to do his bidding. They are often used to carry out DDOS attacks. Suppose the trojan spread to 1000 computers (a very small number, there are HUGE botnets out there). The attacker can then use these 1000 computers to simultaneously attack websites and take them down. Another use for botnets is bitcoin mining.
Recently, a new use for trojans has been seen-

Ransomware

If you have been paying attention so far, you'll notice that once infected by a trojan, a computer's files are under control of the attacker. That means he can easily say- "Give me money or I'll delete all your files". Unfortunately for the attacker, once the victim sees this message, the trojan is no longer covert. The victim may install an antivirus, backup his important data to the cloud/ external storage media/ USB, etc. 

So, the attacker needs to do something which is equivalent to deleting, but reversible. Also, the reverse procedure should require the consent of the attacker. There is one solution - Encryption. If you know what encryption is, then you should see by now what's up. Otherwise, here's a simpler explanation (though not entirely accurate)-

What the attacker can do is similar to what happens when you find a compressed archive with a password. If you know the password, you can uncompress the archive, otherwise not. So, the attacker will take all files except the System files (without which your computer won't work), put them into a compressed archive with a secure password, and then delete the uncompressed files. 

Once he's done with compressing (encrypting really) everything, he'll inform you about what just happened, and tell you to pay him a certain amount in bitcoins in exchange for the password of the compressed archive (i.e. the decryption key). If you don't pay up, he will delete the compressed archive and your data will be lost forever. Even if you manage to remove the ransomware after it announces it's presence, it's a bit too late. You avert the possibility of data deletion but that doesn't mean that you can now get your data back. You still don't know the decryption key, and unless there's a cryptographic flaw/weakness in the encryption scheme used by the attacker (basically weak password is used), it's almost impossible to find the key and decrypt the data.

What's special about WannaCry?

So while there have been ransomware around for quite some time, this one has spread to epic proportions. Why?

NSA, Shadow Brokers and EternalBlue

The credit for this goes to NSA for discovering the EternalBlue exploit and Shadow Brokers for releasing it to the public. I won't delve into further details of this, but EternalBlue exploit can hack any Windows machine which didn't have the patch for it. What does that mean?

The standard Windows security update on 14 March 2017 resolved the issue via security update MS17-010, for all currently supported Windows versions.
"The issue" referring to the vulnerability. However, many systems have automatic updates disabled and didn't have the patch. All these machines were vulnerable to this attack. Considering how often people end up disabling automatic updates (because they're annoying), you can imagine the scale of the EternalBlue exploit. This is the reason why this particular ransomware was able to spread so quickly.

WannaCry

At this point, you already have enough background necessary to understand what WannaCry is, on your own. You know it's a ransomware, and you know it uses EternalBlue to infect computers. The details can be seen n the pic below-

  1. Files have been encrypted
  2. You need to pay $300 via bitcoin
  3. If you don't pay within 3 days, you need to pay $600
  4. If you don't pay in a week, all files will be deleted permanently.



This is it for this article.
Suggested reading : https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html - This guy slowed down the spread of the ransomware by registering a domain which he felt was suspiciously present in the source code. His diligence saved people a lot of money and hassle. (Oversimplified summary, please read post for more accurate analysis)

10 comments:

  1. Very helpful, thanks

    ReplyDelete
    Replies
    1. ⚡️✅MEET THE REAL HACKERS✅⚡️

      I Always Feel Bad Whenever we receive complaints from Clients About The Hackers They Met Before They Heard about us.
      These Days There Are alot of Hackers Online, You Just Have to Be Careful about who you meet for help, because many people now don't know who to ask for help anymore but there's really an actual solution to that which I am giving you for free, Don't go for the cheap Ones which I know you understand what I'm saying like hackers using gmail and other cheaper email accounts ⚠️🚷 that could be easily hacked you know, why would a REAL HACKER want to use something that brings out his vulnerabilities? ❌❌ ❌ it's really so sad that they even lack creativity to the extent that they show their frustrations to people. so you see they are really not who they say they're, they are just here to Rip people Off You Can Always Identify Them With Their False Write Ups and False Testimonies Trying To Lure you Into their Arms.❌❌❌ and my advice really goes out to you looking for a Real Hacker that's a heads up so that you would fall deep into their trap no more.🚷⚠️⚠️⚠️

      ✅COMPOSITE HACKS is here to Provide you with The Best Hackers, So you can get saved from The Arms of the Fake Hackers❌❌

      ✅We have Legit Hackers and Private investigators at your service. πŸ’» Every member of our team is well experienced in their various niches with Great Skills, Technical Hacking Strategies And Positive Online Reviews And RecommendationsπŸ’»πŸ› 

      ✅We have Digital Forensic Specialists, Certified Ethical Hackers, Computer Engineers, Cyber Security Experts, Private investigators and more on our team. Our Goal is to make your digital life secure, safe and hassle-free.
      Some Of The Services we render includes:
      * Website hacking πŸ’»
      * Facebook and social media hacking πŸ“²
      * Database hacking, & Blog CleaningπŸ› 
      * Phone and Gadget Hacking πŸ“²
      • CREDIT CARD Loading ( Strictly USA & UK Credit Cards Only) πŸ’³
      * Clearing Of Criminal Records ❌
      * RECOVERY OF LOST FUNDS ON BINARY OPTIONS money πŸ’°
      * Location Tracking πŸ“²
      and many More

      ✅We have a team of seasoned PROFESSIONALS under various skillsets when it comes to online hacking services. Our company in fact houses a separate group of specialists who are productively focussed and established authorities in different platforms. They hail from a proven track record Called “HackerOne” and have cracked even the toughest of barriers to intrude and capture or recapture all relevant data needed by our Clients. Some Of These Specialist Includes ⭐️ PETER YAWORSKI ⭐️FRANS ROSEN⭐️ JACK CABLE ⭐️JOBERT ABMA⭐️ ARNE SWINNEN ⭐️And More. All you Need To do is To Write us a Mail Then We’ll Assigned any of These Hackers To You Instantly.

      Feel Free To Mail Us Anytime

      ✅CONTACT:
      * Email:
      compositehacks@cyberservices.com
      * Wickr: compositehacks


      ★CONTACT US AND GET YOUR PROBLEMS SOLVED IN THE TWINKLING OF AN EYE

      Delete
  2. That informative. so how did WanaCry ransomware exploited windows vulnerability and whats that vulnerability

    ReplyDelete
  3. Hi. Have u heard about McFly? I accidentally found it

    Blockchain-powered software platform for eVTOLs - flying vehicles with electric engines and vertical take-off/landing (like drones, but larger and able to carry people). (from its site: https://goo.gl/prnn7a)

    What do u think?

    ReplyDelete
  4. Today you will show Sqlmap's work! Which is already in ink linux! You can use Nessus, Vega, Acunetix for Windows to know whether a site is eligible for SQL Injection! The software will get Google A search!

    For Kali Linux youo can use Vega, Power Fuzzar! Kali linux Tutorial

    ReplyDelete
  5. I never knew it was possible until a friend of my who is studying computer science in Massachusetts Institute of Technology told me about these Chinese computer geniuses he knew Soft tech geeks. They helped me clone a credit card to my dad's account and now I can spend Dad's money without him knowing. Contact them for any tech job you need. softtechgeeks@gmail.com

    ReplyDelete
  6. πŸŽ†THE HACK GEEKSπŸŽ†
    Have you ever wondered if it's possible to hack things the way hackers do it in the movies.😡😡

    Yeah its possible!!!😁😁😁
    Hacking can easily be done by planting a computer virus or spyware(depending on what the hacker intend to do) in the targeted device.πŸ™‡

    We at THE HACK GEEKS give you the best hacking service there ever is.πŸ‘ŒπŸ‘Œ
    We have got the top hackers in hackerone.com that are always ready to hack for you anytime ,anywhere, any device, organisation, federal agencies, university, college you just think of it.
    Do you want:
    *To Hack, Clone or Track a Phone?πŸ“²
    *To Sniff, Erase or Change a file in a Company, Organisation or in a Federal agency?πŸ“–
    *To get lost BitCoin?πŸ’°
    *To hack an Email or any Social Media account?πŸ’ž
    *To Transfer funds without been detected?πŸ’³
    *To increase your credit score?πŸ”πŸ”

    All these are what we can do for you.

    We are descrete and won't expose our service to you to anyone.
    Contact:
    thehackgeeks@gmail.com
    We look forward to hacking for you.πŸ™πŸ™

    ReplyDelete
  7. ✅ ✅ MEET THE REAL HACKERS ✅✅

    Hello,

    I’m Nicholas Shields I’m the Marketing Manager Of The Hack Team COMPOSITE HACKS, We Are Hackers Who Specializes in All Kinds Of Legit Hacking Services, I'm really concerned about sharing my views on this advert cause many people now don't know who to ask for help anymore but there's really an actual solution to that which I am giving you for free, Don't go for the cheap Ones which I know you understand what I'm saying like hackers using gmail and other cheaper email accounts that could be easily hacked you know, why would a REAL HACKER want to use something that brings out his vulnerabilities? it's really so sad that they even lack creativity to the extent that they show their frustrations to people. so you see they are really not who they say they're, they are just here to Rip people Off and my advice really goes out to you looking for a Real Hacker that's a heads up so that you would fall deep into their trap no more.

    * So hit me up to get to experience real life effective hacking Services, I Will Link you Up with some Legit Hackers That you never believed you could meet, such as FRANS ROSEN, BEN SADEGHIPOUR, PETER YAWORSKI, JOBERT ABMA, JACK CABLE and More.

    ✅CONTACT:
    * Email:
    compositehacks@cyberservices.com
    * Hire a Hacker!
    * Want faster service? Contact us!
    * HackerOne©️LLC 2018.
    * All Rights Reserved ®️

    ReplyDelete
  8. CLASSIC CYBER HACKS
    How well are you prepared for a Cyber incident or Breach?, Is your Data safe?

    Strengthen your Cybersecurity stance by contacting CLASSIC CYBER HACKS for a Perfect, Unique, Classic and Professional Job in Securing your Network against all sort of Breache, for we are Specially equipped with the Best hands to getting your Cyber Hack needs met

    We specialize in All type of cyber Jobs such as:

    #TRACKING of GPS location, cars, Computers, Phones (Apple, windows and Android), e.t.c.
    We also track E-mail account, Social media such as Facebook, Twitter, Skype, Whatsapp, e.t.c.

    #RECOVERY of Passwords for E-mail address, Phones, Computers, Social media Accounts, Documents e.t.c,.
    NOTE: we also help Scammed persons recover their money.

    #INSTALLATION of Spy ware so as to spy into someone else's computer, phone or E-mail address and also Installation of Spy ware software on your individual O.S to know if your Gadget is being hacked into..
    We also Create and Install VIRUS into any desired computer gadget.

    #CRACKING into Websites, CCTV Survelance camera, Data base etc, of both Private and Govt organization, such as Schools, Hospitals, Court houses, The FBI, NSA e.t.c

    NOTE: We specialize in clearing of CRIMINAL RECORDS of diverse types.

    * We assure you that your Job will be attended to with care and efficiency as it will be handled with the Best professional hands in Cyber Hack business.

    #We also have a forum where you can get yourself equipped with Advanced hacking skills
    And if you're Good with Hacking and you think you can Join our Team of SOPHISTICATED HACKERS, you're welcome as well...
    CLASSIC CYBER HACKS gives you the Best service in the Hacking world.
    * We're Classic Hacks *

    Write us on:

    *Classiccyberhacks@gmail.com
    *Classiccybernotch@gmail.com

    Signed,
    Collins .A.

    ReplyDelete

© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC