
WannaCry Ransomware Attack


Ransomware is a new type of encryption-based malicious software that locks up the system files on your computer by encrypting them in such a way that users cannot access them. The malware encrypts files using the AES and RSA encryption ciphers, which means the hackers can decrypt the files using a unique decryption key.

According to researchers, the WannaCry ransomware attack has spread to at least eight Asian countries, a dozen European countries, the Gulf countries and others, and appears to be sweeping around the globe.

The WannaCry ransomware program supports dozens of languages, and experts said that the hackers want to corrupt networks worldwide. According to Wainwright, once one machine is infected, the entire internal network is scanned and all other machines will also be affected.

How ransomware spreads

Ransomware normally spreads through documents, PDFs and other files sent via email, or through secondary infections from other computers on the network. WannaCrypt also uses phishing techniques to send out emails; once the attachment is opened, the malware installs itself and starts encrypting files immediately.

Once a machine is infected, WannaCrypt tries to spread within the network or over the network by exploiting CVE-2017-0145, which allows remote attackers to execute code.

How ransomware works

Once the computer is infected, the malware contacts its central system for the information it needs to activate and then begins to encrypt files. Once the files on the computer are encrypted, it asks for payment in bitcoin to decrypt them.

Who was behind the attack?

The creators of the ransomware are still unknown. An earlier version named WeCry was discovered back in February this year.

How to prevent WannaCrypt (and other) ransomware

– Keep the system up to date: If you are using outdated versions of the OS and software, bring the system up to date.

– Enable Windows Firewall: Configure Windows Firewall correctly to avoid the attack. This attack normally operates on TCP ports 137, 139 and 445 and over UDP ports 137 and 138.

– Avoid phishing websites and emails: Never open untrusted websites, and don’t open email attachments from untrusted senders.

– Microsoft security patch: Microsoft has already released the MS17-010 security update to fix this vulnerability. Apply the patch as soon as possible.

– Use antivirus: An up-to-date antivirus is highly recommended. Also use the antivirus program to scan emails.

– Block legacy protocols such as SMB v1: Always try to disable legacy protocols such as SMB v1, v2, v3 etc. in Windows.

– Regular backup: Always try to keep the latest copies of user data to prevent data loss.
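
The internal scanning described earlier, combined with the ports named in the firewall item, suggests a simple detection: flag any internal host that contacts many distinct peers on those ports within a short time. The following is an added example, not part of the original post. The log column order (date, time, action, protocol, source IP, destination IP, source port, destination port), the threshold of 10 peers per 60 seconds, and every sample log line are assumptions constructed for illustration.

```python
"""Flag hosts that reach many distinct peers on SMB/NetBIOS ports in a short window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports taken from the firewall advice in the list above.
WATCHED = {("TCP", 137), ("TCP", 139), ("TCP", 445), ("UDP", 137), ("UDP", 138)}
# Assumed column order: date time action protocol src-ip dst-ip src-port dst-port
LINE = re.compile(
    r"(?P<ts>\S+ \S+) (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<sport>\d+) (?P<dport>\d+)"
)

def find_smb_sweeps(lines, max_peers=10, window=timedelta(seconds=60)):
    """Return {source_ip: peak_peer_count} for every source that contacted more
    than max_peers distinct destinations on watched ports inside one window."""
    events = defaultdict(list)  # source ip -> [(timestamp, destination ip)]
    for line in lines:
        m = LINE.match(line.strip())
        if not m or (m["proto"], int(m["dport"])) not in WATCHED:
            continue  # skip malformed lines and unrelated traffic
        # Dropped attempts count too: a blocked sweep is still a sweep.
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events[m["src"]].append((ts, m["dst"]))
    flagged = {}
    for src, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            peers = {dst for _, dst in seen[start:end + 1]}
            if len(peers) > max_peers:
                flagged[src] = max(flagged.get(src, 0), len(peers))
    return flagged

def constructed_sample():
    """Constructed log: 10.0.0.23 sweeps 40 peers on TCP 445 in 40 seconds,
    while 10.0.0.5 talks to a single file server once a minute."""
    lines = [f"2017-05-15 09:00:{i:02d} ALLOW TCP 10.0.0.23 10.0.1.{i + 1} {49152 + i} 445"
             for i in range(40)]
    lines += [f"2017-05-15 09:{i:02d}:00 ALLOW TCP 10.0.0.5 10.0.0.10 {50000 + i} 445"
              for i in range(30)]
    lines.append("2017-05-15 09:00:05 ALLOW TCP 10.0.0.23 203.0.113.7 51000 443")
    lines.append("garbled line")
    return lines

if __name__ == "__main__":
    for src, peers in find_smb_sweeps(constructed_sample()).items():
        print(f"{src}: {peers} distinct peers on SMB/NetBIOS ports within 60 s")
```

The threshold needs tuning per network: file servers and domain controllers legitimately receive many connections but rarely initiate them to many workstations.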

What to do if I’m compromised

Once ransomware has encrypted the files, there is not much we can do. If you have the latest backup of your files, you should be able to restore them after cleaning the computer. According to security experts, there is no guarantee that access will be granted after the payment has been made.

Urolime Technologies has made groundbreaking accomplishments in the field of Google Cloud & Kubernetes Consulting, DevOps Services, 24/7 Managed Services & Support, Dedicated IT Team, Managed AWS Consulting and Azure Cloud Consulting. We believe our customers are Smart to choose their IT Partner, and we “Do IT Smart”.