5 of the Most Iconic Malware Attacks


We may think of viruses as a thing of the past, or something you only see when visiting a “sketchy” website. The truth is, malware is as prevalent as ever, and attacks have become far more sophisticated. Something as small as skipping a software update can leave a device open to attack.

We’ve compiled some of the most iconic malware attacks (in chronological order) and offer some tips on how to prevent similar breaches from happening to you.

1. The "Friday the 13th" virus

Image of calendar day marking Friday the 13th

Often considered one of the most famous viruses in history (possibly because of the superstitious connotation), this virus appeared in 1987. Also known as the Jerusalem virus because it was first identified at the Hebrew University of Jerusalem, it was among the earliest widespread PC viruses. Personal computing was still in its infancy, and cybersecurity practice as we know it was functionally non-existent.

Needless to say, it caused panic in the relatively small world of computer owners. Out of fear, some users simply set their computer clocks forward so that the machine never saw a Friday the 13th.

How it works

Jerusalem spread on floppy disks and shared program files. It infected .COM and .EXE executables on MS-DOS machines and, once an infected program ran, stayed resident in memory and infected every other program executed afterwards. A bug in its code re-infected .EXE files on every run, so they grew each time, and the resident code noticeably slowed the machine. The destructive payload waited for the system date to read Friday the 13th; on that day the virus deleted any program that was executed.

Its Legacy

Thankfully, this virus is essentially defunct today: only DOS executables are susceptible, and most of the population has never touched a floppy disk. Its real legacy is the pattern it set, a file infector with a date-triggered destructive payload, which later malware copied for years.

2. The Morris Worm - The world's first internet worm

Image of museum exhibit displaying the floppy disk containing the Morris Worm source code.

On November 2nd, 1988, Robert Morris, a 23-year-old Cornell graduate student, released a program he said was intended only to highlight security flaws in machines running Unix. To disguise its origin he launched it from a computer at MIT rather than from Cornell. Within 24 hours it had infected roughly 6,000 machines, about 10% of everything connected to the internet at the time. Morris had badly underestimated the power of what he had created; things were out of hand.

Like the Friday the 13th virus, the Morris Worm came along at a time when computers, let alone the internet, were not used by the general public. Only about 60,000 computers were connected, and their users were mostly academics, government staff and researchers. The World Wide Web had not yet been invented. There were no websites.

How it works

Worms get their name from their ability to spread on their own from one machine to the next across a network, without anyone running anything. One infected host can seed an entire organization. The Morris Worm used four routes in: a debug mode left enabled in the sendmail mail server, a buffer overflow in the finger daemon (fingerd), trust relationships between hosts (rsh/rexec), and password guessing against accounts whose passwords were derived from the user's own name or were common dictionary words.

The worm was not written to damage anything, but a flaw in the logic it used to check whether a host was already infected meant machines were re-infected again and again until the sheer number of running copies consumed all memory and CPU, leaving them essentially non-functional. The FBI reported that “vital military and university functions slowed to a crawl. Emails were delayed for days.” Between time spent fighting the worm and the downtime across networks, the damage was widespread; the FBI puts the cost in the millions of dollars. Thankfully, the worm carried no payload designed to destroy devices or files. Had it done so, the damage would have been catastrophic.

The Aftermath

Robert Morris was identified quickly, and in 1990 he became the first person convicted under the newly passed Computer Fraud and Abuse Act of 1986, which made it a federal crime to access protected computers without authorization. In the wake of the worm it was apparent that the new frontier of the internet was not immune to nefarious activity. In direct response, DARPA funded the creation of the CERT Coordination Center at Carnegie Mellon to coordinate the handling of future incidents, and patching known holes and choosing sensible passwords became part of running a machine.

In conclusion, choose your passwords wisely. The worm's guesses were cheap precisely because passwords were short, were dictionary words, or were built from the account name. A good password is long, is not a word or a name, is never derived from your login or personal details, and is unique to each account. A password manager and multi-factor authentication cover both points with little effort.
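To make the point concrete, here is an added example (not code from the original article, and not the worm's own code) that turns the Morris Worm's guessing strategy into a check you can run against a proposed password. The worm tried, in order, guesses built from the account itself (no password, the login name, the login name doubled, the login name reversed, the words of the GECOS "full name" field), then a short built-in word list, then the system dictionary. The word list below is a small constructed stand-in, not the worm's actual list, and the account record is hypothetical.

```python
"""Added example: reject passwords a Morris-style guesser would find.

The worm never brute-forced. It tried guesses derived from the account
record, then a short built-in word list, then the system dictionary.
SAMPLE_WORDLIST is a constructed stand-in for those last two sources.
"""
import re

# Constructed stand-in for the worm's built-in list and the system dictionary.
SAMPLE_WORDLIST = frozenset({
    "password", "secret", "welcome", "letmein", "computer",
    "cornell", "unix", "sunshine", "dragon", "baseball",
})


def account_derived_guesses(login, gecos=""):
    """Return {guess: reason} for the guesses the worm built from account data.

    `gecos` is the comment field of a passwd entry, e.g. "Robert T Morris".
    Comparison is case-insensitive, so everything is lower-cased here.
    setdefault keeps the first reason when two guesses collide (a login
    name that is a palindrome reverses to itself, for instance).
    """
    login = login.lower()
    guesses = {}
    for guess, reason in (
        ("", "empty password"),
        (login, "login name"),
        (login * 2, "login name repeated"),
        (login[::-1], "login name reversed"),
    ):
        guesses.setdefault(guess, reason)
    # The worm also tried each word of the GECOS field, forwards and reversed.
    for word in re.split(r"[\s,]+", gecos.lower()):
        if word:
            guesses.setdefault(word, "word from GECOS field")
            guesses.setdefault(word[::-1], "word from GECOS field (reversed)")
    return guesses


def guessable(password, login, gecos="", wordlist=SAMPLE_WORDLIST):
    """Return why a worm-style guesser would find `password`, or None if it
    survives all of the cheap guesses."""
    candidate = password.lower()
    derived = account_derived_guesses(login, gecos)
    if candidate in derived:
        return derived[candidate]
    if candidate in wordlist:
        return "word list"
    return None


def check_new_password(password, login, gecos="", min_length=12):
    """Policy check combining a length floor with the derived-guess test.
    Returns a list of problems; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    reason = guessable(password, login, gecos)
    if reason is not None:
        problems.append(f"guessable from {reason}")
    return problems


if __name__ == "__main__":
    # Hypothetical account record, constructed for the demo.
    for pw in ["rtm", "mtr", "morris", "Password", "correct horse battery staple"]:
        print(f"{pw!r}: {check_new_password(pw, 'rtm', 'Robert T Morris') or 'ok'}")
```

Note what the check does not require: symbols or digits. A long passphrase passes even though it is all lowercase letters, while a short mixed-character string derived from the account name would still fail the derived-guess test. In a real deployment the word list would be a full dictionary plus a breached-password list.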

3. WannaCry


The Morris Worm paved the way for countless other internet worms, and its successors were far more devastating. One case in particular is the WannaCry ransomware worm of May 2017.

Two months earlier, in March 2017, Microsoft had released a patch (security bulletin MS17-010) for a vulnerability in SMBv1, the oldest version of the Server Message Block protocol that Windows uses for file and printer sharing. The flaw had been found and exploited first by the U.S. National Security Agency, which built a tool called EternalBlue around it and used it for years without telling Microsoft. EternalBlue has been called “the cyberattack nightmare that won’t go away,” and Microsoft publicly called for a “Digital Geneva Convention” that would oblige governments to report such vulnerabilities to vendors rather than stockpile them.

In April 2017 a group calling itself The Shadow Brokers published EternalBlue, along with other stolen NSA tools, announcing the dump on Twitter. A month later, on 12 May 2017, WannaCry paired the exploit with ransomware, and in almost no time at all some 230,000 computers in 150 countries were being held for ransom.

How it Works

Devices that had not installed the March patch, and the many machines still running versions of Windows that Microsoft no longer supported, were wide open to EternalBlue. WannaCry needed no human operator. Each infected machine scanned its local network and random internet addresses for port 445, fired EternalBlue at any unpatched SMBv1 service it found, installed itself there, and started scanning again, all while encrypting files on the host. One unpatched, internet-facing machine was enough to bring the worm inside a network, where it then ran its course through every other unpatched device.

Once infected, a ransom note appeared demanding $300 in Bitcoin, rising to $600 if not paid within three days, with a threat to delete the files for good after seven. Paying offered no guarantee: the ransomware had no reliable way of telling which victim had paid, and many who did pay never got their files back. Many victims lost their files along with hundreds of dollars.

A researcher named Marcus Hutchins quickly noticed that, before doing anything else, the malware tried to reach a long, nonsensical domain: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. If the domain was unreachable, the malware went on to encrypt the user’s data and spread; if the domain answered, the malware simply exited.

The domain was unregistered. Hutchins registered it for about 11 dollars and pointed it at a server he controlled (a “sinkhole”), and the speed of WannaCry’s spread dropped dramatically: every new infection that could reach the domain shut itself down. That check was, in effect, a kill switch. It was not a cure, though: machines behind proxies that could not reach the domain directly were still encrypted, and later variants removed the check entirely.
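Because nothing legitimate ever resolves that domain, a query for it in your resolver's logs identifies a host on which the WannaCry dropper ran, whether or not the lookup succeeded (success means the kill switch stopped it; failure means it went on to encrypt and spread). The following is an added example written for this article, not code from the original post or from any of the researchers mentioned: it parses constructed, BIND-style query-log lines (the format and the sample traffic are assumptions; adapt LINE_RE to your own resolver) and lists the clients that looked up the kill-switch domain.

```python
"""Added example: find hosts that looked up the WannaCry kill-switch domain.

SAMPLE_LOG is a constructed BIND-style query log, not real traffic. The
domain set holds the one name given in the article; later variants used
other names, so in practice this set comes from your threat-intel feed.
"""
import re
from collections import defaultdict

KILL_SWITCH_DOMAINS = frozenset({
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
})

# Constructed sample log (assumed format), not real traffic.
SAMPLE_LOG = """\
12-May-2017 10:01:13.512 client 10.0.4.17#51202: query: www.example.com IN A + (10.0.0.53)
12-May-2017 10:01:14.020 client 10.0.4.42#60311: query: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A + (10.0.0.53)
12-May-2017 10:01:14.021 client 10.0.4.42#60312: query: IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. IN A + (10.0.0.53)
12-May-2017 10:01:15.900 client 10.0.9.8#44120: query: updates.example.net IN AAAA + (10.0.0.53)
malformed line that the parser must skip
12-May-2017 10:02:01.004 client 10.0.4.17#51209: query: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A + (10.0.0.53)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d+) "
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize_name(qname):
    """Canonical form: strip the trailing dot of an FQDN and fold case,
    so a mixed-case or fully-qualified spelling cannot slip past the match."""
    return qname.rstrip(".").lower()


def parse_line(line):
    """Return (timestamp, client_ip, qname, qtype), or None for lines that
    do not match the expected format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m["ts"], m["ip"], normalize_name(m["qname"]), m["qtype"]


def matches_domain(qname, domains):
    """True if qname is one of the kill-switch domains or a subdomain of one."""
    return any(qname == d or qname.endswith("." + d) for d in domains)


def kill_switch_lookups(log_text, domains=KILL_SWITCH_DOMAINS):
    """Map client IP -> list of timestamps at which it queried a kill-switch domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, qname, _qtype = rec
        if matches_domain(qname, domains):
            hits[ip].append(ts)
    return dict(hits)


def suspect_hosts(log_text, domains=KILL_SWITCH_DOMAINS):
    """Sorted list of client IPs that should be isolated and examined."""
    return sorted(kill_switch_lookups(log_text, domains))


if __name__ == "__main__":
    for ip, times in kill_switch_lookups(SAMPLE_LOG).items():
        print(f"{ip}: {len(times)} kill-switch lookup(s), first at {times[0]}")
```

Two practical notes. A host that appears here should be treated as infected even if the sinkhole answered, because the dropper clearly executed; pair the DNS evidence with a burst of outbound connections to port 445 from the same client to confirm it was spreading. And for networks where clients can only reach the internet through a proxy, the kill switch never fired; at the time, some organizations worked around that by publishing an internal DNS record for the domain so the check would succeed.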

The Aftermath

The attackers themselves collected only about $100,000 in ransom. The loss resulting from WannaCry, however, was estimated at roughly $4 billion, counting lost productivity and destroyed data. Victims spanned security, education, emergency services and healthcare; in the UK, National Health Service hospitals had to cancel appointments and surgeries, divert ambulances and work without access to patient records.

The U.S. and UK governments attributed the attack to North Korea, but the exploit itself came out of the American government’s own stockpile. EternalBlue and similar tools are still in use today, so it is crucial to keep your devices up to date: Microsoft ships its security fixes in those updates, and the reboot is worth it. On any Windows network it is also worth disabling SMBv1 outright and blocking port 445 at the perimeter, which removes the route WannaCry used even on a machine that somehow misses a patch.

4. NotPetya


EternalBlue’s reign of terror was far from over. Barely six weeks after WannaCry, on June 27, 2017, the same NSA exploit was used by Russia’s Sandworm group (Kremlin-backed military hackers, since identified as a unit of the GRU) to wreak havoc on the world with the NotPetya attack.

The “Not” in NotPetya comes from its resemblance to Petya, ransomware that had held users to ransom a year earlier. What differed was the intention. Petya encrypted the data on an infected computer and could decrypt it once the ransom was paid; NotPetya merely disguised itself as ransomware. The “installation key” shown in its ransom note was random junk, so no payment could ever yield a working decryption key, and its real purpose was destruction. NotPetya is what is called a “wiper”: malware whose purpose is to delete data permanently.

Given that NotPetya was the work of the same group blamed for the hacking and leaking around the 2016 U.S. election and for the cyber-attacks that caused power outages in Ukraine, many consider this virus an act of cyber-warfare rather than ordinary crime.

How it Works

“Patient zero” for NotPetya was M.E.Doc, a tax-accounting package used by a large share of businesses in Ukraine. The vendor’s update server was running software that had not been updated since 2013, and attackers had backdoored the product’s own update mechanism three separate times in the three months before the outbreak. M.E.Doc was a ticking time-bomb.

Through that backdoor, the Sandworm group (also referred to as Telebots) pushed NotPetya out to customers as a routine M.E.Doc update. From each infected machine the malware spread in two ways. It used the NSA-born EternalBlue exploit (and its sibling EternalRomance) against unpatched SMBv1 on other Windows machines. It also carried a Mimikatz-style credential stealer: Windows keeps the credentials of logged-on users in the memory of the LSASS process, and with administrator rights they can be read back out, so NotPetya harvested whatever it found and used those credentials with the legitimate PsExec and WMI tools to log into other machines as that user. This second route is why fully patched systems fell too: if a domain administrator had ever logged into one infected machine, that account opened every other machine in the domain. So even a device lucky enough not to run M.E.Doc could be hit through (surprise, surprise) a missed update or, just as easily, through an over-privileged account.

Using these tools, NotPetya wormed its way through essentially every Ukrainian firm running the software, and from there into any multinational with an office in the country. Within hours, major corporations and government entities around the world were paralyzed. One example is the Danish shipping company Maersk, which carries about a fifth of the world’s container freight with some 800 vessels calling at 76 ports. Its shore-side systems were wiped, from booking to the terminal software that tells cranes which container to lift, and without them ships arrived at ports that could not unload them while trucks queued for days at gates that could not process them. It was a maritime nightmare.

The Aftermath 

Maersk alone lost an estimated $250 to 300 million as a result of NotPetya, and had to rebuild some 4,000 servers and 45,000 PCs in ten days. The entire chain of global commerce was disrupted, and countless hours of labor went into tending the wounds: recovering lost files, coordinating shipments by hand without the necessary software, or simply waiting for a delayed package. Overall, the damage was estimated at $10 billion.

To reiterate: yes, you should perform that software update now. And since NotPetya also walked through patched machines on stolen credentials, keep administrator accounts off everyday workstations as well.

5. Akira

No, not the cult-classic 1988 cyberpunk film by Katsuhiro Otomo, the ransomware attacks that are still at large!

Active since March 2023, Akira has compromised organizations all over the world, leaving a ransom note behind and holding the victim and their information for ransom. Its retro, green-text-on-black style has become the group’s trademark.

Screenshot of black DOS screen and green text reading the Akira ransom note.

Originally targeting only Windows, the (still unidentified) group behind Akira later added a Linux version aimed at VMware ESXi hosts. In mid-2023 a free decryptor was released that exploited a weakness in Akira’s encryption, but the group was not far behind: it changed its encryptor and rendered the countermeasure useless.

How it Works 

Akira’s operators typically get in through VPN appliances that have no multi-factor authentication (MFA) enabled, often by exploiting known vulnerabilities in those appliances or by using credentials stolen or bought elsewhere. Once inside, they run PowerShell commands to delete the Windows volume shadow copies (so the built-in snapshots cannot be used for recovery), then run the encryptor against files on the host and on every network share it can reach. After this, the infamous ransom note appears, instructing the victim to visit a chat site on the Tor network and enter a unique code. There, they will “negotiate” the return of their files.

Not only do the threat actors hold the data hostage, they also copy it out before encrypting and threaten to publish it, a tactic known as double extortion. This heightens the risk greatly for organizations that hold protected information (medical records, credit card data, and so on). The list of victims is posted openly on the group’s leak site for anyone interested to see.

Ongoing Damage

As of April 18, 2024, Jonathan Greig of The Record, reporting on a joint FBI and CISA advisory, put the proceeds of the Akira attacks at roughly $42 million from more than 250 victim organizations, among them school districts, medical institutions and real-estate firms. Named victims include Stanford University, Yamaha, and major banks in South Africa and England.

The attacks are ongoing, and the operators have proven quick on their feet in countering attempts to neutralize the malware.

Who exactly is behind Akira has yet to be confirmed, but blockchain analysis has traced a portion of the ransom payments to addresses associated with the (supposedly defunct) Conti gang.

Enable multi-factor authentication wherever possible, and on VPN and other remote-access services first, since that is the door Akira uses most; patch those appliances promptly; treat unexpected email links and attachments as hostile; and never run a download you did not go looking for.
