The malicious software WanaCryptor, which is also known as WCry, is now being used to carry out one of the biggest ransomware attacks of its kind. Dozens of countries have been affected by this ransomware attack. The attack locks up computers and holds users’ documents for ransom.
Back in August 2016, a hacker group named “The Shadow Brokers” claimed to have penetrated an NSA-backed hacking operation. The group claimed to have hacked into “Equation Group”, a cyber-attack group widely believed to be associated with the NSA.
Earlier this year, the hacking group decided to give away the hacked tools and files for free. They took to Medium and shared with the public the password to unlock the encrypted folder of files.
The hacking tools that were stolen from the NSA can be used to hack computers running Microsoft Windows. The malicious software WanaCryptor 2.0, which is also known as WCry, is now being used to carry out one of the biggest ransomware attacks of its kind.
The more shocking thing is that the ransomware is targeting multiple companies, government agencies, and even hospitals.
Security researchers at Avast have recorded over 57,000 detections of WanaCryptor 2.0 ransomware in 99 countries. The ransom being demanded after the attack is $300 worth of bitcoins.
The attack displays a message with instructions on how to pay the ransom, an explanation of the attack, and a timer.
According to the Avast security blog, “The ransomware is mainly being targeted to Russia, Ukraine, and Taiwan, but the ransomware has successfully infected major institutions, like hospitals across England and Spanish telecommunications company, Telefonica.”
The Avast security blog says, “We saw the first version of WanaCrypt0r in February and now the ransomware is available in 28 different languages, from languages like Bulgarian to Vietnamese.”
This malware is spreading by exploiting a vulnerability called EternalBlue. The ransomware might be spreading through phishing emails with malicious attachments that infect users’ computers when they click on them. Official government advice is not to pay the criminals behind such attacks.
The Avast security blog reported that a good antivirus program can detect all known versions of WanaCryptor 2.0. However, they also recommended that users fully update their systems with the latest available patches.
The Reserve Bank of India has also just shut down some ATMs all over India as a preventive measure against the ransomware and has asked banks to put a software update in place at ATMs.
How it works:
WannaCry is a form of ransomware that locks up files on your computer and encrypts them so that you can no longer access them.
It targets Microsoft’s widely used Windows operating system.
When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300.
The pop-up also features two countdown clocks: one showing a three-day deadline before the ransom amount doubles to $600, and another showing the deadline after which the target will lose its data forever.
Payment is only accepted in bitcoin.
The ransomware’s name is WCry, but analysts are also using variants such as WannaCry.
A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the US National Security Agency (NSA), according to cyber-security providers.
How it spreads:
Ransomware is a programme that gets into your computer when you click on or download malicious files. It then holds your data for ransom.
Some security researchers say the infections in the case of WannaCry seem to be deployed via a worm, spreading by itself within a network rather than relying on humans to spread it by clicking on an infected attachment.
The programme encrypts your files and demands payment in order to regain access.
Security experts warn there is no guarantee that access will be granted after payment.
Some forms of ransomware execute programmes that can lock your computer entirely, only showing a message to make payment in order to log in again.
Others create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.
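The worm-style spread described above leaves a recognizable trace in network flow logs: one internal host contacting many different internal machines in a short time. The following is an added example, not part of the original article, that flags such hosts; the log format, the sample records, the thresholds and the choice of SMB port 445 are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

SMB_PORT = 445  # assumption: Windows file sharing (SMB); the article names no port

# Constructed sample flow records, one per line: "timestamp src dst dst_port"
SAMPLE_FLOWS = "\n".join(
    [f"2024-01-01T09:00:{i:02d} 10.0.0.5 10.0.0.{10 + i} 445" for i in range(8)]    # one host sweeping 8 peers in 8 s
    + [f"2024-01-01T09:00:{i:02d} 10.0.0.20 10.0.0.2 445" for i in range(8)]        # client talking to one file server
    + [f"2024-01-01T{9 + i:02d}:30:00 10.0.0.30 10.0.0.{50 + i} 445" for i in range(6)]  # 6 peers, an hour apart
    + [f"2024-01-01T09:01:{i:02d} 10.0.0.40 10.0.0.{60 + i} 443" for i in range(8)]  # many peers, different port
)

def parse_flows(text):
    """Yield (time, src, dst, port) tuples from whitespace-separated flow lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, port = parts
        yield datetime.fromisoformat(ts), src, dst, int(port)

def find_fanout_hosts(flows, port=SMB_PORT, window=timedelta(seconds=60), threshold=5):
    """Return {src: peak distinct internal peers contacted on `port` within
    `window`} for every source that reaches `threshold`."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    flagged = {}
    for ts, src, dst, dport in sorted(flows):
        # Only internal-to-internal traffic on the watched port is lateral movement
        if dport != port or not ip_address(dst).is_private:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop connections older than the sliding window
        peers = len({d for _, d in q})
        if peers >= threshold:
            flagged[src] = max(flagged.get(src, 0), peers)
    return flagged

if __name__ == "__main__":
    print(find_fanout_hosts(parse_flows(SAMPLE_FLOWS)))
```

A workstation that normally talks to one or two file servers will stay under the threshold, while a host sweeping the subnet is reported with its peak peer count.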
Steps on how to avoid Ransomware
1. Backup your computer immediately
Investing in an external hard drive and making regular backups will help you in protecting your data, if not in saving you against malware. A data backup can save you significant stress, time and money in the event that your computer becomes infected.
Alternatively, you can subscribe to a cloud backup service and upload your most important data regularly. Free cloud services like Google Drive, Apple iCloud or Dropbox can also be used to store your most valuable data without spending a dime.
2. Immediately patch your Windows with Microsoft’s recently released fix
This ransomware spread through a weakness in Microsoft Windows which was formerly exploited by the US surveillance agency NSA.
This tool, unfortunately, was leaked in April 2017 and is now being used by the hackers behind the WannaCry ransomware.
In response, Microsoft released a fix for this vulnerability which can be applied by those who are still safe from the WannaCry ransomware.
3. Update your operating system
Though Microsoft did release a fix for the vulnerability, we still do not know if any similar vulnerabilities still exist in the OS. In this case, it is necessary that you update your OS to the latest version, preferably Windows 10, as soon as you can.
4. Steer clear of suspicious emails and websites
Phishing emails are not uncommon. Any email containing links or files can grant malware access to your computer, so keep your eyes open and steer clear of any such emails.
Ransomware can also infect computers via malicious website advertisements or through the installation of unverified software. The best defense in such cases is to avoid any such website or software links, as they may lead to the installation of a malware or ransomware program.
5. Use Firewall
Using a firewall can stop ransomware from entering your system. A firewall guards your online communications and makes sure that no suspicious or unauthorized program accesses your computer without your consent.
It is necessary that you keep your firewall software updated at all times, so you remain safe from any recent forms of malware. Also, make sure not to allow any suspicious files to bypass your firewall security and enter your system.
6. Don’t pay
One thing that you must remember is that paying the ransom does not guarantee the ransomware's removal from your computer. Giving in to the hackers’ demand and paying the ransom amount only gives attackers the arsenal they need to create and spread more ransomware programs.
You should instead try restoring a pre-infection backup of your computer. If a backup is not available, but the files are important for you or your business, seek the help of a computer professional. Don’t give in.
KEEP YOUR SYSTEM SAFE