On May 12th, 2017, the world saw WannaCry, the biggest cyber attack in the history of the Internet.
What is Ransomware?
A cyber attack in which hackers gain control of a computer, tablet or smartphone and then demand a ransom to unlock it.
To gain access to the system, the cyber criminal needs to get a piece of malicious software onto a device within the network, which is often done by getting a victim to click on a link or download it by mistake. Once the software is on the computer, it encrypts the files and shows a pop-up with a countdown and instructions on how to pay the ransom to decrypt the files and get the originals back.
Payment is only accepted in Bitcoin. The hacker demands a payment of around $300 in Bitcoin within three days or $600 within seven days. If the ransom is not paid, the hacker threatens to wipe all of the user's data forever.
Encryptors use advanced encryption algorithms to lock files and demand payment for the decryption key needed to recover the locked content; examples are CryptoLocker, Locky and CryptoWall.
Lockers, in turn, lock the victim's operating environment, making it impossible to reach the desktop or any apps or files. The files are not actually encrypted in this case, but the invaders still demand a ransom to unblock the compromised system; an example is Winlocker.
How do ransomware infections happen?
Though the infection phases differ from one ransomware attack to another, the important stages are the following:
The victim may receive an email containing a malicious URL. It is also possible for the infection to originate from a malicious website. When the victim clicks on or downloads the link and opens the attachment, a downloader is placed on the system. This downloader uses a list of domains or C&C servers, administered by cyber criminals, to fetch the ransomware payload onto the machine. The malware then encrypts the entire hard drive contents: personal documents as well as any sensitive information, including data stored in Cloud accounts synced to your system. It also encrypts data on other machines within the local network.
A warning then pops up with the necessary information on how to decrypt the files.
The Wannacry Attack
On Friday, May 12, 2017, a ransomware attack was initiated that spread WannaCry around the world. It took advantage of a vulnerability in Microsoft's Windows that allowed it to infect systems without the victims taking any action. By May 24, 2017, the infection was estimated to have affected over 200,000 systems in over 150 countries, and it was still spreading.
The program deployed, named "WannaCry", asks for a minimum of about $300, and the longer you wait to pay, the higher the price rises. It took advantage of a loophole in Windows that was unearthed by the U.S. National Security Agency (NSA) and later exposed to the world by hackers.
Who’s most vulnerable?
WannaCry ransomware targets Microsoft's widely used Windows operating systems. PCs running Windows without up-to-date software are the most at risk. All versions of Windows before Windows 10 are vulnerable to this attack if not patched for MS17-010.
Ransomware gets into your computer when you click on or download malicious files. The malware then spreads quickly through file-sharing systems. It is also able to spread itself across a network by exploiting a vulnerability in Windows Server Message Block (SMB).
How does WannaCry work?
WannaCry uses the ETERNALBLUE exploit, which takes advantage of the loophole in Microsoft's Server Message Block protocol, to spread to any connected system that has not been updated to guard against ETERNALBLUE. Once a system is infected, it encrypts image, database, office, email and movie files and demands a ransom. It also installs DoublePulsar, a backdoor implant tool.
How to be safe?
The first and foremost thing is to bring your Windows system up to date. To do that, go to Start menu > type "Windows update" into the text prompt > select Windows Update from the results. Then follow the instructions on the screen to get the system updated.
Microsoft has also released patches for the Windows XP and Windows 8 operating systems. You just need to choose the correct link for your version of Windows XP or Windows 8. If you are unsure which version you have, go to Start menu >> Control Panel >> System. A page will then appear showing the details of your machine and its operating system.
Steps to get secured from upcoming Ransomware attacks:
Locally, on the PC:
1. Do not store important data only on your PC.
2. Keep two backups of your data: one on an external hard drive and one in the Cloud.
3. Do not turn on applications like OneDrive, Dropbox, Google Drive etc on your system by default. Open them only once a day for data syncing and close as soon as this is done.
4. Update the operating system and the software, including the latest security updates.
5. Do not use the administrator account on the computer; instead use a guest account with limited privileges.
6. SMB is enabled by default on Windows systems. Disable it from the Windows feature settings: uncheck the SMB setting and click OK.
7. Install good anti-ransomware software on your machine for better security.
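As an added example (the editor's own, not code from the original post), this PowerShell script audits a Windows host for the two mitigations above, the MS17-010 patch and SMB, and disables SMBv1, the protocol version ETERNALBLUE abuses. Assumptions to verify: the KB list is recalled from the MS17-010 bulletin (later cumulative updates supersede them, so a missing KB is a prompt to check Windows Update, not proof of exposure), and the registry path is Microsoft's documented method for Windows 7 / Server 2008 R2, which lack the Smb cmdlets.

```powershell
# Run in an elevated PowerShell session. Editor's example; not from the post.
# Assumption: KBs below are the MS17-010 fixes for Win7/2008R2, Win8.1/2012R2
# and the out-of-band XP/Vista/8/2003 patch. Add the KB for your own OS build.
$Ms17010Kbs = @('KB4012212', 'KB4012215', 'KB4012213', 'KB4012216', 'KB4012598')
$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-Ms17010Patched {
    # $true if any of the listed MS17-010 hotfixes is installed.
    # Caveat: a later cumulative update also closes the hole without listing these IDs.
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $Ms17010Kbs) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Get-Smb1State {
    # Only SMBv1 is disabled; SMBv2/v3 stay on so normal file sharing keeps working.
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($null -ne $cfg) { return [bool]$cfg.EnableSMB1Protocol }
    # Older systems: registry value SMB1 under LanmanServer; absent means enabled.
    $val = Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $val) { return $true }
    return ($val.SMB1 -ne 0)
}

function Disable-Smb1 {
    # Server-side SMBv1 off; a reboot is needed for the change to fully apply.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWORD -Value 0 -Force
    }
}

if (Test-Ms17010Patched) {
    Write-Host 'MS17-010: a listed hotfix is installed'
} else {
    Write-Warning 'MS17-010: no listed hotfix found - run Windows Update and re-check'
}
if (Get-Smb1State) {
    Write-Warning 'SMBv1 is enabled - disabling it now (reboot required)'
    Disable-Smb1
} else {
    Write-Host 'SMBv1: already disabled'
}
```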
The WannaCry attack was halted by an information-security professional who was analyzing a web address found in the code. It turned out that the address the malware sent its message to was unregistered; once it was registered, the malware suddenly stopped infecting machines.
– Do not open spam emails or emails from unknown senders.
– Do not download attachments from spam or suspicious emails.
– Do not click on the links in spam emails.
Anti-ransomware security tools
- Use a reliable antivirus program that features an automatic update module and a real-time scanner.
- Use a traffic-filtering solution that provides proactive anti-ransomware protection.
Now we know there is a handful of easy things we can do to avoid the WannaCry ransomware.
Cyber criminals have only as much power over your data and security as you give them. So stay safe and don't forget: the best preventive measure is always a backup!!