On 26th of February, a breaking news was published on the official website of the state of Connecticut. The post explains that over a dozen Connecticut’s state agencies suffered a cyber attack late Friday afternoon.
State’s security team was informed of the incident the same day and received statements, claiming that it was no ordinary cyber attack, but an invasion of a ransomware virus. Much to our surprise, it was no random crypto-malware: WannaCry virus was determined to be the infection, attacking Connecticut’s state organizations.
Speaking of WannaCry ransomware, we cannot state that the infection had completely disappeared. There had been incidents when researchers suspected WannaCry to be spread, but massive or global events were not detected. However, United States and a bunch of other security agencies have officially attributed WannaCry to North Korea: is the attack against Connecticut a response to these allegations? It might be.
WannaCry virus infected 160 devices, belonging to Connecticut’s state agencies
The IT staffs of disrupted agencies had managed to contain the malware by Sunday night. Most of the computers did not suffer fatal damages as the agencies had made some cautionary arrangements beforehand. While most of the computers, owned by attacked agencies, had proper antivirus software and regular patching, clearly some devices were left behind. Surprisingly, specialists are suggesting that no files were encrypted or stolen during this attack. This makes the attack all the more bizarre.
IT specialists are working hard to investigate the incident further. The goal, of course, is to find out the details of the cyber attack and possible objectives that the hackers might have had in mind. It might have been a simple wake-up call from hackers, stating that they are about to come back with another global attack, compromising computers in over one hundred countries.
Even though the 12 compromised state agencies were working normally on Monday, this does not mean that the WannaCry attack did not leave any negative impact on infected devices. As you know, the ransomware exploits EternalBlue and DoublePulsar vulnerabilities in Windows operating systems. Even though these flaws have been fixed by Microsoft, even some state agencies remain ignorant and refuse to update their software.
Security researchers have explained that even though the flaws, exploited by WannaCry virus, have been fixed, this does not mean the end for the infection. Sure, cautious users might have rushed to download the updates for their Windows operating systems, but some might have missed this chance. Therefore, there might be thousands or millions of computer-owners, currently susceptible to WannaCry.