On Friday 12 May 2017, the whole world woke up to one of the biggest malware attacks in the history of mankind.
The malware is a ransomware variant: it holds computers hostage, locking people out and encrypting their files while demanding a payment of up to $300 in bitcoin, a price that doubles after three days (72 hours).
Affected individuals, institutions, governments and businesses have to pay the ransom to receive a decryption key that sets their files and data free, or risk losing them forever. What's worse, the malware also behaves like a worm, potentially infecting other computers and servers on the same network. The attack is due to a kind of ransomware called Wanna Decryptor, also known as WannaCrypt, WanaCrypt0r, and WannaCry.
Security researchers were particularly concerned that more computers would be infected on Monday morning, as people returned to work, switched on their computers and connected them to the internet.
So far, the ransomware has spread to more than 200,000 computers in 150 countries, affecting and shutting down hospitals, government facilities, universities, warehouses, banks, and businesses, and it continues to spread.
For now, it mostly affects businesses, institutions, and governments. But individuals are at risk too, as WannaCry targets a flaw found in older versions of the Windows operating system that have not been patched.
How Can a Computer get infected with WannaCry?
For a huge company to be infected, all it takes is for one employee to open a malicious attachment. Once that is done, the infection can traverse the whole network laterally, in classic worm-like fashion, without any human intervention.
The infection ends up encrypting all important files on the victim's computer using very strong encryption (RSA and AES-128-CBC), and demands initially $300 and eventually $600 for the password that could decrypt the files.
WannaCry exploits the SMB service, which runs on TCP port 445. In layman's terms, the malware exploits a flaw in a service that MOST ENTERPRISE NETWORKS are built upon (Domain Controller setup).
Like most other ransomware, WannaCry is written in the C programming language.
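The worm-like spread over TCP port 445 described above leaves a recognisable trace in connection logs: one internal host contacting many distinct peers on port 445 within seconds. The following detection sketch is an added example, not part of the original post; the log format, the threshold, the window and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (hypothetical) firewall log format; adapt the regex to your own logs.
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) PROTO=TCP$")

def find_smb_fanout(lines, window_seconds=60, threshold=5):
    """Return {src: peak number of distinct hosts contacted on TCP 445 inside
    the sliding window} for every source whose peak reaches `threshold`."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(4) != "445":
            continue  # skip malformed lines and non-SMB traffic
        ts, src, dst, _ = m.groups()
        events[src].append((datetime.fromisoformat(ts), dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()  # logs may arrive out of order
        recent, counts, peak = deque(), defaultdict(int), 0
        for ts, dst in evs:
            recent.append((ts, dst))
            counts[dst] += 1
            # Expire connections that fell out of the window.
            while ts - recent[0][0] > window:
                _, old = recent.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

def sample_log():
    """Constructed sample: one workstation sweeping its subnet, one normal client."""
    sweep = [f"2017-05-12T09:00:{i:02d} SRC=10.0.0.5 DST=10.0.0.{20 + i} DPT=445 PROTO=TCP"
             for i in range(8)]
    normal = [
        "2017-05-12T09:00:03 SRC=10.0.0.9 DST=10.0.0.2 DPT=445 PROTO=TCP",
        "2017-05-12T09:05:00 SRC=10.0.0.9 DST=10.0.0.2 DPT=445 PROTO=TCP",
        "2017-05-12T09:00:04 SRC=10.0.0.9 DST=10.0.0.3 DPT=443 PROTO=TCP",
        "garbled line",
    ]
    return sweep + normal

if __name__ == "__main__":
    print(find_smb_fanout(sample_log()))
```

File servers and domain controllers legitimately receive SMB connections from many clients, but a workstation that initiates connections to many peers is the pattern worth alerting on.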
As security researchers try to figure out how to battle this malware, businesses, governments, and individuals can be of help in their own little way by making sure they have protected themselves.
- Update your Windows OS
If you are still using an older Windows OS, you have two options: either keep Windows Update enabled and make sure all released security updates are installed immediately, or upgrade to a newer OS.
Note that users of Windows 10 are not affected by the ransomware; the attack only impacts those running older Windows operating systems.
If you’re on MacOS, ChromeOS, Linux or mobile operating systems like iOS and Android, don’t worry about this particular threat.
- Update Your Drivers
This appears to be the most helpful prevention strategy to keep your computer safe from WannaCry as this malware is one of those things that go wrong when users fail to keep their computers updated/patched.
Come to think of it, the fix for this attack has been available since March 2017, when Microsoft released a security fix. It resolved the problem for Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, and Windows Server 2016, which are still supported.
If your computer is running any of the versions of Windows stated above and you have not yet downloaded the Microsoft Security Bulletin MS17-010 update, you should do so now manually, or enable Windows Update to do that for you automatically.
In response to the threat, Microsoft has also released an emergency patch for legacy Windows operating systems, which (as out of cycle products) are no longer supported — unless special support contracts are in place.
Security updates can be downloaded and deployed manually for Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, and Windows 8 x64 directly from Microsoft.
Microsoft has also added a signature to the Windows Defender antivirus to detect the ransomware.
- Beware of Malicious Links
Do not open suspicious emails, do not click on links you don’t know or open any files you weren’t expecting. You might be welcoming the next malware into your computer by so doing.
Finally, if you couldn’t apply any of the security checks above, you can disconnect entirely from the internet (if possible, at least for the meantime). By so doing, WannaCry cannot get to your computer; it just can’t access what it cannot see.
What If I am Already Infected?
As of the time of this post, there is no known fix for WannaCry ransomware.
Shortly after WannaCry began to spread, a security researcher accidentally bumped into a kill switch that appeared to stop WannaCry in its tracks. But the hackers behind the malware quickly made a fix and now the kill switch is obsolete, and this time there doesn’t appear to be any way to stop it.
Meanwhile, you can also check out some tools that security researchers have used to spot and remove ransomware in the past.
Many experts say wiping your machine and restoring your backups is the best thing to do after being infected. The hackers behind WannaCry have already received bitcoin payments of up to $70,000, and there is no guarantee that your decryption code will be sent to you.