Since its discovery on Friday afternoon, the WannaCry ransomware attack has continued to spread this weekend, impacting over organizations and 200,000 individuals in over 150 countries, according to European authorities. However, while measures have been taken to slow the spread of the malware, new variations have begun to surface.
The infection is sent via an emailed web link or attachment. If a recipient clicks the link, the malware first checks the kill switch website; if the WannaCry infection is not found, the ransomware encrypts the computer's hard drive, then attempts to spread to random computers on the Internet and to computers on the same LAN. It displays a message informing the user that files have been corrupted and demands a payment of $300 in bitcoin within three days.
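The spreading behaviour described above leaves a recognisable trace in network flow logs: one machine suddenly contacting many different hosts, both on the LAN and on the Internet. The following detection sketch is an added example, not part of the original article; the log format, the thresholds and the sample records are assumptions made for illustration, and TCP port 445 is the Windows SMB file-sharing port that the MS17-010 patch covers.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445  # TCP port of the Windows SMB service that MS17-010 patches
# Assumption: the monitored LAN uses RFC 1918 address space.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    return any(addr in net for net in LAN_NETS)

def find_spreaders(lines, window=60, min_targets=10):
    """Flag sources that contact >= min_targets distinct hosts on port 445
    within `window` seconds, covering both LAN and Internet addresses.
    Returns {src: (lan_count, internet_count)} as seen at the first alert."""
    events = defaultdict(list)
    for line in lines:  # assumed format: "epoch_seconds src dst dst_port"
        ts, src, dst, port = line.split()
        if int(port) == SMB_PORT:
            events[src].append((int(ts), ipaddress.ip_address(dst)))
    flagged = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the time window forward
            targets = {dst for _, dst in evs[start:end + 1]}
            lan = {d for d in targets if is_lan(d)}
            if len(targets) >= min_targets and lan and targets - lan:
                flagged[src] = (len(lan), len(targets - lan))
                break
    return flagged

def sample_flows():
    """Constructed flow records, not real traffic."""
    flows = [f"{1000 + i} 192.168.1.23 192.168.1.{i} 445" for i in range(1, 9)]
    flows += ["1010 192.168.1.23 198.51.100.7 445",   # Internet targets
              "1011 192.168.1.23 203.0.113.99 445"]
    # Backup server touching many LAN hosts only: not flagged.
    flows += [f"{1000 + i} 192.168.1.50 192.168.1.{100 + i} 445" for i in range(12)]
    # Workstation using one file server, plus ordinary web traffic.
    flows += [f"{1000 + 5 * i} 192.168.1.40 192.168.1.5 445" for i in range(20)]
    flows.append("1005 192.168.1.41 203.0.113.10 443")
    return flows

if __name__ == "__main__":
    for src, (lan, wan) in find_spreaders(sample_flows()).items():
        print(f"{src}: {lan} LAN and {wan} Internet hosts on TCP/445")
```

Requiring both LAN and Internet targets keeps backup servers and similar LAN-only tools out of the alerts, at the cost of missing a worm that is blocked from reaching the Internet.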
How To Protect yourself from Ransomware?
Here are some of the precautions and steps you need to take to avoid ransomware such as WannaCry:
1. Backup your computer immediately
Investing in an external hard drive and making regular backups will help you protect your data, if not save you from malware. A data backup can save you significant stress, time and money in the event that your computer becomes infected.
Alternatively, you can subscribe to a cloud backup service and upload your most important data regularly. Free cloud services like Google Drive, Apple iCloud or Dropbox can also be used to store your most valuable data without spending a dime.
2. Immediately patch your Windows with Microsoft’s recently released fix
This Ransomware spread through a weakness in Microsoft Windows which was formerly exploited by US surveillance agency NSA.
The NSA's tool for exploiting it, unfortunately, was leaked in April 2017 and is now being used by the hackers behind the Wanna Cry ransomware.
In response, Microsoft released a fix for this vulnerability which can be applied by those who are still safe from Wanna Cry Ransomware.
3. Update your operating system
Though Microsoft did release a fix for the vulnerability, we still do not know if any similar vulnerabilities exist in the OS. In this case, it is necessary that you update your OS to the latest version, preferably Windows 10, as soon as you can.
4. Steer clear of suspicious emails and websites
Phishing emails are not uncommon. Any email containing links or files can grant malware access to your computer, so keep your eyes open and steer clear of any such emails.
Ransomware can also infect computers via malicious website advertisements or through the installation of unverified software. The best defense in such cases is to avoid any such website or software links, as they may lead to the installation of a malware or ransomware program.
5. Use a firewall
Using a firewall can stop ransomware from entering your system. A firewall guards your online communications and makes sure that no suspicious or unauthorized program accesses your computer without your consent.
It is necessary that you keep your firewall software updated at all times, so you remain safe from any recent forms of malware. Also, make sure not to allow any suspicious files to bypass your firewall security and enter your system.
6. Don’t pay
One thing that you must remember is that paying the ransom does not guarantee the ransomware's removal from your computer. Giving in to the hacker's demand and paying the ransom amount only gives attackers the arsenal they need to create and spread more ransomware programs.
You should instead try restoring a pre-infection backup of your computer. If a backup is not available, but the files are important for you or your business, seek the help of a computer professional. Don’t give in.
We're not exactly sure when the Wanna Cry ransomware will stop circulating around the web. Even if you do pay the ransom amount and successfully decrypt your important files, there is no guarantee that your PC will remain safe from this ransomware in the future.
However, following the above-mentioned steps religiously can help keep all ransomware threats away from your PC.
What is ransomware?
Ransomware is a sophisticated piece of malware that blocks the victim’s access to his/her files. There are two types of ransomware in circulation:
- Encrypting ransomware, which incorporates advanced encryption algorithms. It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLocker, Locky, CryptoWall and more.
- Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.
What is Wanna Decryptor?
Wanna Decryptor, also known as WannaCry or wcry, is a specific ransomware program that locks all the data on a computer system and leaves the user with only two files: instructions on what to do next and the Wanna Decryptor program itself.
When the software is opened it tells computer users that their files have been encrypted, and gives them a few days to pay up, warning that their files will otherwise be deleted. It demands payment in Bitcoin, gives instructions on how to buy it, and provides a Bitcoin address to send it to.
Most computer security companies have ransomware decryption tools that can bypass the software.
It was used in a major cyber attack that affected organisations across the world including the NHS and Telefonica in Spain.
How to protect yourself against ransomware attacks
The best protection against ransomware attacks is to have all files backed up in a completely separate system. This means that if you suffer an attack you won’t lose any information to the hackers.
It is difficult to prevent determined hackers from launching a ransomware attack, but exercising caution can help. Cyber attackers need to download the malicious software onto a computer, phone or other connected device.
The most common ways of installing the virus are through compromised emails and websites.
For example, hackers could send an employee a phishing email that looks like it comes from their boss asking them to open a link. But it actually links to a malicious website that surreptitiously downloads the virus onto their computer.
Citing from the source: What is WannaCry and how does ransomware work?
A large-scale cyberattack has spread across 99 countries, including the UK, US, China, Russia, Spain, Italy and India. The cyberattack has affected the IT systems of banks, telephone companies and hospitals. No instance of the vulnerability being exploited in India has come to light yet.
Citing from the source: Massive ‘Ransomware’ attack hits 99 countries around the world
Cyber-security firm Avast, a provider of antivirus software, said it had seen at least 75,000 computers infected by the malware, dubbed ‘WannaCry’. The government agencies and companies affected include the UK’s National Health Service, FedEx, Spain’s communications giant Telefonica and the Russian Interior Ministry.
Unknown hackers apparently launched ‘ransomware’ attacks, which basically encrypt files and demand a Bitcoin (a form of virtual currency) payment to regain access. The message displayed on NHS computers has been circulated on social media, and victims of the attack need to send $300 or $600 to a bitcoin address.
In the U.K., the cyberattack has affected at least 16 organizations within the state-run National Health Service. “The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. At this stage we do not have any evidence that patient data has been accessed”, NHS Digital said in a statement.
The hackers, who are still unidentified, likely made a “self spreading malware” by exploiting a piece of NSA code known as “Eternal Blue” that was released by a group known as the Shadow Brokers. ‘WannaCry’ exploits a vulnerability on old Microsoft computers that was first discovered by the National Security Agency. Microsoft even released a patch for the exploit, known as MS17-010, in March. But on those machines that haven’t been updated, the malicious code encrypts all of an infected computer’s files – and then spreads on its own.
The U.S. Department of Homeland Security, in a statement, encouraged users to update their systems. “We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally. DHS has a cadre of cyber security professionals that can provide expertise and support to critical infrastructure entities,” the department said.
In a statement, Kaspersky Lab said it was “currently working on the possibility of creating a decryption tool to help victims…we will provide an update when a tool is available”.