WannaCrypt : Co-incidence or the start of World War III?
Mystic Horacio Villegas had predicted that the World War III will start on May 13th, 2017. The prediction revolves around some other predictions that had been made like Donald Trump's becoming the President of the United States and also that the US will attack Syria. The blind mystic reportedly foretold 9/11, the 2004 Boxing Day tsunami, the Fukushima nuclear spill and the birth of ISIS and many other such incidents, but the question is 'Are we already moving into the World War III?' The recent spread of WannaCrypt suggests something.
On May 12th, a massive ransomware known as WannCrypt started spreading across the world wide web and till now it has destroyed data stored in hundreds of thousands of PCs across the globe. It actually doesn't destroy, but it encrypts the data and in order to decrypt you will have to pay a certain amount. The initial infection was thought to have a result of a vulnerability in the network defenses. When it is executed, the malware first checks the 'kill switch' domain name and it is not found, then the ransomware encrypts the computer's data and attempts to exploit the SMB vulnerability to spread out to random computers on the Internet and computers connected to the same network can easily be victims of such attack.
There have been some reports claiming that three or more hard coded bitcoin address are being used to receive the ransoms. It has been found till now that a total sum of $66,116.58 has been transferred to the bitcoin wallets as of 5 PM IST (11:30 HRS, GMT), May 16th, 2017. Here are the three bitcoin addresses we found
Now, let's get onto some other pieces of news. This is a tweet by Neel Mehta, a Google Security Researcher.
9c7c7149387a1c79679a87dd1ba755bc @ 0x402560, 0x40F598
ac21c8ad899727137c4b94458d7aa8d8 @ 0x10004ba0, 0x10012AA4#WannaCryptAttribution
— Neel Mehta (@neelmehta) May 15, 2017
Don't know what it means? Neither do I. But researchers at the Kaspersky Lab has explained what it means and it's quite a shock for everyone- A possible North Korea link with WannaCrypt.
The tweet contains two samples-
- A WannaCrypt cryptor sample from February 2017 which looks like a very early variant
- A Lazarus APT group sample from February 2015
You can see the similarity in the screenshot and the portions of the codes have been highlighted.
Lazarus is an infamous group a hacker group which possibly originates from North Korea and were responsible for stealing $81 Million from Central Bank of Bangladesh. The link can not be ignored because there are some traces that and clues that indicated the aggression of this North Korean hacker group. Sony Pictures had reported investigated to find a link between an attack on them and the movie 'The Interview' as the movie was slammed badly by the North Korea. Nothing is official or clear till now, however, Kaspersky ha stated that Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCrypt.
North Korea has always been very aggressive when it comes to protest and rant against the US. North Korea has even claimed that they have developed nuclear and hydrogen bombs, clearly threatening other countries. As of now, both North Korea and Syria are the prime targets of the US under Trump administration as many analysts have predicted.
There were some predictions and remarks made by various cyber security experts and analysts that the Word War III may be fought with the cyber weapons i.e. viruses, malware, rootkits etc. Forbes had also said that 2017 Will Be The Year Of Cyber Warfare.
So, is the prediction gonna be true? Are we really moving towards a Cyber Warfare taking the shape of World War III? I guess we will have to wait till October 2017 as the Mystic Horacio Villegas has stated that the time between May and October of 2017 would be crucial and the next World War may start anytime between this time period.
As of now, three variants of WannaCrypt have been spotted. The first ones have a killswitch but the latest one doesn't have one. So, we're not pretty sure whether it is being done to test the potential of this ransomware or it will go away in some time. As we can see that the ransomware is having multiple versions and it refuses to stop, we can guess that this is just the initial testing that is being made to see what it can do to countries as targetted. India is one of the most affected countries right now and if security measures are not taken as soon as possible it may cripple down the banking system and infiltrate internal security as well.