WannaCry Ransomware Could Cause Massive Destruction If Hackers Didn’t Use Flop “Kill Switch” Tactics
- Salman Ahmed
- January 2nd, 2019
WannaCry Ransomware is one of the widely spread digital nuclear strikes in years. It vanishes global online banking systems, transportation, and health care institutions substantially.
However, it seems like due to some major loopholes in this so-called deadly ransomware demonstrates the amateur skills of hackers.
Since the anomalous ransomware, also recognize as “WannaCry” (or Wcrypt) comes into notice, the cybersecurity professionals have pointed out strange blunders made by hackers.
Despite the notable impact of WannaCry ransomware that also exposed NASA Windows hacking technique, due to poor tactics, hackers dig their graves when it comes to profits.
The coding of web-based “Kill Switch” option is one the primary blunder made by hackers. This Kill Switch option immensely reduces the impact of the deadly attack. Moreover, mishandling of Bitcoins in the form of ransomware makes super easy for cybersecurity professionals to track hackers’ transactions.
According to various cybersecurity professional due to “Kill Switch” glitch, even hackers are not capable of tracking transaction like who has paid the ransom and who has not.
In the latest WannaCry ransomware attack, the hackers earned a minimal amount of $55,000. There is no doubt that the impact of Ransomware is huge, but hackers only get a small bag of pennies.
When you compare the profit of WannaCry attack to other gigantic ransomware attacks, it shows great failure due to lack of coding skills.
“From a ransom perspective, it’s a catastrophic failure. High damage, very high publicity, very high law-enforcement visibility, and it have probably the lowest profit margin we’ve seen from any moderate or even small ransomware campaign.”
That small amount of money may partially provide a pillar for WannaCry hackers basic ransomware functions. Furthermore, Hickey also discovered spooky coding error in malware. The code he discovered revealed that the malware is not capable of verifying payment made by users, which is $300 bitcoin.
Despite providing unique bitcoin address, the ransomware offers one of four hard-coded bitcoin addresses. It means the payments don’t have verification details. The hackers itself need to find out which PC contains there ransomware and from where the transaction is made. Further, he stated that:
“It is a manual process at the other end, and someone has to acknowledge and send the key.”
Hickey’s also found that hackers are not so skillful to decrypts the infected users PC even after getting the payment.
According to his testing, he monitors the system of one WannaCry victim who pays the hackers 12 hours ago and still didn’t receive any decryption code. On this, he stated that:
“They’re not prepared to deal with an outbreak of this scale.”
Furthermore, using only four hard-coded bitcoin addresses to receive the payment against ransomware attack leads to create hefty transaction problems for hackers. And it also becomes very easy for cybersecurity professional to track hackers’ payment activity. All the transactions are transparent on bitcoins’ public account ledger.
“It looks impressive as hell; because you think they must be genius coders to integrate the NSA exploit into a virus. However, that’s all they know how to do, and they’re basket cases otherwise”. That they have hardcoded bitcoin addresses, rather than one bitcoin address per victim, shows their limited thinking.”
The identification of blunders made by WannaCry hackers does not stop here. Another glitch found by Cisco Researchers that “Check Payment” coded in malware is useless because it doesn’t check if any bitcoins have been sent or not. Instead of that:
“It randomly provides one of four answers—three fake error messages or a fake “decryption” message. If the hackers are decrypting anyone’s files, it’s through a manual process of communication with victims via the malware’s “contact” button. Or by arbitrarily sending decryption keys to a few users to give victims the illusion that paying the ransom does free their files. Moreover, unlike more functional and automated ransomware attacks, that janky process provides almost no incentive for anyone actually to pay up. “It breaks the entire trust model that does ransomware work,” According to Cisco team findings on WannaCry.
WannaCry ransomware has spread with super sonic speed on a massive scale that any other ransomware never succeed before.
Hacking NASA Windows technique is known as “Eternal Blue,” seen as one of the biggest outbreak in digital world history by WannaCry Ransomware.
But despite accepting WannaCry spreading ability, its developers made gigantic code errors. They inexplicably built a “kill switch” into their code. Designed to reach out to a unique web address and disable its encryption payload if it makes a successful connection.
Researchers have speculated that the feature might be a stealth measure designed to avoid detection if the code is running on a virtual test machine.
However, it also allowed a pseudonymous researcher who goes by the name MalwareTech to simply register that unique domain and prevent further infections from locking up victims’ files.
Another updated version of WannaCry came into notice by the Middle East-based Cyber Security Researcher “Matt Suiche.” He notices different “Kill Switch” address this time.
According to Suiche, he was still in shock that how amateur these hackers are since they have not coded their malware to redirect to ransom URL rather than the static one built in the code:
“I do not see any obvious explanation for why there’s still a kill switch. Making the same mistake twice, especially one that effectively shuts WannaCry down makes little sense. “It seems like a logic bug,” he says.
Due to all these reasons, WannaCry malware being able to earn very limited profits. Even it has all the potential of breaking down systems in a large organization like hospitals and subways.
There is no doubt that apart from small profits, WannaCry infected devices on a massive scale globally. Moreover, for this many professionals concluded that this malware attack is not just for money. Despite that,