Another Spy Program Leaked onto the Dark Web, Second Web Attack Imminent

The WannaCry ransomware infected over 300,000 computers worldwide including those operated by the National Health Service of the UK, the Russian government and multi-billion dollar corporations in merely a week. This week, several publications including the Financial Times and the Sun have reported that yet another global ransomware attack is imminent.

As explained by Microsoft president and chief legal officer Brad Smith, the WannaCry ransomware derived from an NSA-tool developed specifically to exploit computers running outdated Microsoft software and patches. Smith emphasized that the WannaCry ransomware attack is wholly attributable to the NSA’s development of malware. He wrote in an official Microsoft blog post:

“The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers. While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.”

A global ransomware attack using the WannaCry malware was made possible due to the leak of an NSA tool onto the dark web. By acquiring the malware developed by the NSA, hackers were able to design sophisticated ransomware which can penetrate into hundreds of thousands of computers by scanning for public IP addresses.

This week, sources of the Financial Times revealed that NSA malware codenamed Esteem Audit was released onto the dark web. The publication’s sources claimed that Esteem Audit was designed to carry out operations similar to that of the malware used to develop the WannaCry ransomware. Particularly, the Esteem Audit tool can be used to target Microsoft computers as the WannaCry malware did by exploiting certain components in the operating system.

In an interview, cybersecurity firm Bitdefender chief security strategist Catalin Cosoi described the developers and distributors behind the WannaCry ransomware as “amateurs.” She said, “We believe they [WannaCry’s operators] are amateurs. They saw an opportunity and they took it.”

Hence, a more carefully thought-out ransomware attack with intricately designed malware based on the NSA’s Esteem Audit tool could potentially result in a larger global ransomware attack that is capable of inflicting a significant financial damage onto companies, organizations and governments across the world.

Analysts have revealed that the distributors behind the WannaCry ransomware were only able to pocket $80,000 in total bitcoin ransom after their malware hit over 300,000 computers and operating systems of large-scale commercial organizations and government institutions. Relative to the impact the attack had on corporations in both the private and public sectors, experts including Brian Krebs stated that the reward was significantly small.

Krebs wrote:

“I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. It’s particularly galling because this attack potentially endangered the lives of many. At least 16 hospitals in the United Kingdom were diverting patients and rescheduling procedures on Friday thanks to the WannaCry outbreak, meaning the attack may well have hurt people physically.”

It is likely that the conversion rate of the attack was low primarily due to the warnings previously sent out by law enforcement agencies including the FBI. Last year, officials from the FBI discouraged ransomware victims from sending bitcoin payments to the ransomware distributors because there exists no guarantee that the distributors will provide decryption keys to free victims’ files.