I was talking with my friend Gary Berman, aka “Cyber Hero”, you know – the man behind the curtain at the wildly popular CyberHero Adventures comics?
We were discussing one of his main characters, Wilbur WannaCry, one of the worst cyber villains in recent history. Everyone said Wilbur was all locked up and safely behind ‘cyber bars’….is that really the case?
In the heart of Wilbur, is an evil villain. He wants to propagate across your network using a long exposed SMB protocol v1 vulnerability. Have you removed this point of weakness in all your Windows software or are you accidentally running some computers with SMB v1 running? You can upgrade all the way to v3 and not worry about Wilbur or his friends who are copying his method of worming through networks exploiting this vulnerability.
While this article is from 2018, exclusively at CDM, Tal Wilderman of Visuality Systems explains it so well, please read this article and take action.
Wilbur WannaCry’s profile (source: Wikipedia.org):
WannaCry is a ransomware attack that took place May 2017 worldwide by this ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated through EternalBlue, an exploit developed by the US National Security Agency (NSA) for older Windows systems that was released by The Shadow Brokers a few months prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry’s spread was from organizations that had not applied these, or were using older Windows systems that were past their end-of-life. WannaCry also took advantage of installing backdoors onto infected systems.
The attack was stopped within a few days of its discovery due to emergency patches released by Microsoft, and the discovery of a kill switch that prevented infected computers from spreading WannaCry further. The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars. Security experts believed from preliminary evaluation of the worm that the attack originated from North Korea or agencies working for the country.
In December 2017, the United States, United Kingdom and Australia formally asserted that North Korea was behind the attack. A new variant of WannaCry ransomware forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip-fabrication factories in August 2018. The virus spread to 10,000 machines in TSMC’s most advanced facilities.
If you think Wilbur’s all locked up and safely behind cyber-bars, he has friends and some of them are just waiting for the right time to strike. Make sure you are fully patched, train and retrain against spear phishing attacks and read more at https://www.cyberheroescomics.com/
Thanks to Tal, Gary and Wikipedia for contributing content to this article. Once a week we will cover another Cyber Hero or Cyber Villain exclusively from Gary Berman’s Cyber Heroes.
Gary S. Miliefsky, Publisher
Cyber Defense Magazine