WannaCry: Everything you need to know.
WannaCry should be a wake-up call for all. Many experts predicted an increase in ransomware and other such malware in 2017. This malware is prone to affect low-budget businesses, hospitals and similar public systems with less security and more vital information, which might be deeply valuable. The day of reckoning is here for many businesses with the spread of the WannaCry ransomware, also known as WannaCrypter and Wcry.
You may well wanna cry if you get this ransomware on your system. WannaCry encrypts system files and demands a ransom which, when paid in bitcoins, will release your files. WannaCry was first detected around February 27th this year, but it has now apparently advanced compared to the previous version. It has infected over 100,000 computers and is spreading violently. Currently, most of the infections are coming from Russia, the UK, India and Taiwan, and that is increasing. You can watch the spread of this malware using the link below.
Check the map of known infections: https://intel.malwaretech.com/botnet/wcrypt/?t=1m&bid=all
The malware has allegedly managed to infiltrate the Ministry of Internal Affairs of Russia. UK hospitals have been forced to shut down, and a ransom of $300-$400 in bitcoins has been demanded for the affected systems. Many Spanish firms are affected by the attack too.
So how does the WannaCry malware work?
This ransomware attack encrypts the personal and important files of Windows users. The infection is initiated using SMB execution in the Windows OS. Put simply, it acts like a worm, moving from the victim machine to other machines, which gives it the potential to spread this fast. The initial attack would come through a simple phishing mechanism, such as clicking on an email, which causes the infection to spread.
The victim is shown a timer which says the payment amount will be raised after 3 days and the user will suffer complete loss after 7 days. Stats collected from the bitcoin collector wallet suggest that many of the infected users have already paid their ransoms.
So who is at risk?
Any Windows user who has not installed the patch delivered as a Windows update by Microsoft in Microsoft Security Bulletin MS17-010 - Critical. This was released by Microsoft on March 14th, 2017. However, many companies and organizations, including many of us, have not yet installed the patch. It has affected over 99 countries and you could be next.
How do we escape from the WannaCry ransomware?
Well, the simple way would be to install the patch from Microsoft Security Bulletin MS17-010 - Critical, which closes the SMB vulnerability that the WannaCry ransomware uses to exploit your system. If you have already got the latest Windows update then you are protected.
To get the patch, go to: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
For extra protection, you need to make sure all of your important data is backed up to a location which is not accessible from your regular system, such as an external hard drive or the cloud. Syncing to a drive would not be able to do the job efficiently.
Who is to blame?
This is the biggest cyber attack in history, carried out by exploiting a bug in Windows. Everything from banks to telecom companies like Telefonica has been affected. It is definitely an international attack. Intelligence agencies have been working to pinpoint the location of these cyber criminals. It is not the $300 ransom that they actually earn from, but the millions they will make by selling the information on the dark web. The initial reports suggest that the attack was done by a group called Shadow Brokers. The US has been pointing to links to North Korea for this attack. Experts say this could lead to a massive war, or even a world war, in terms of cyber attacks. Russia has been affected adversely and many systems are still in a vulnerable condition.