WannaCry ransomware.
WannaCry ransomware: what is it and how to protect yourself
The latest on the MS17-010 flaw and the WannaCry patch linked to the NHS cyber attack
WannaCry, Wanna Decryptor, WannaCrypt – whatever it's referred to, the ransomware involved in the recent NHS computer hack is, by and large, the same bitcoin-demanding beast. Here we explain everything we know about the worm that caused global chaos.
WannaCry ransomware
WannaCry is a so-called encryption-based ransomware, also known as Wanna Decryptor or WCRY, Travis Farral, director of security strategy for Anomali, told WIRED.
In previous WannaCry ransomware attacks, victims have been sent ransom notes with “instructions” in the form of !Please Read Me!.txt files, linking to ways of contacting the hackers. WannaCry changes the computer's wallpaper with messages asking the victim to download the ransomware from Dropbox before demanding hundreds in bitcoin to work.
Put more simply, once inside the system WannaCry ransomware creates encrypted copies of specific file types before deleting the originals, leaving the victims with the encrypted copies, which can't be accessed without a decryption key. WannaCry additionally increases the ransom amount, and threatens loss of data, at a predetermined time, creating a sense of urgency and greatly improving the chances victims will pay the ransom.
It is unclear how the WannaCry ransomware infected the NHS systems, but it can spread through phishing emails or via a website containing a malicious program. Security experts involved in the NHS computer hack have scanned email networks of those trusts affected and found no evidence of a spear phishing campaign.
Instead, researchers from various security firms including Avast, Proofpoint and Symantec said WannaCry most likely spread via an exploit used by the Equation Group – a group widely suspected of being tied to the NSA.
How to protect yourself from WannaCry ransomware?
Avast said it detects all known versions of WanaCrypt0r 2.0, as does other anti-virus software.
"It is critical you install all available OS updates to prevent getting exploited by the MS17-010 vulnerability," added Malwarebytes. Any systems running a Windows version that did not receive a patch for this vulnerability should be removed from all networks.
Additionally, any systems affected by this attack will have DOUBLEPULSAR installed and this will need to be removed. Certain anti-virus software, including Malwarebytes, is protected from this backdoor, but a script is also available that can remotely detect and remove it.
It is also possible to disable the SMB1 file protocol, which the worm within the malware was using to spread across networks.
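One way to check for and turn off the SMB1 server protocol on a single Windows machine is shown below. This is an added example, not part of the original article. It assumes an elevated PowerShell prompt, and it falls back to the LanmanServer registry value on older Windows versions that lack the SMB cmdlets.

```powershell
# Added example: audit and disable the SMB1 server protocol on the local host.
# Assumption: run from an elevated (Administrator) PowerShell prompt.

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: registry value SMB1 = 0 means disabled.
    # A missing value means SMB1 is still enabled by default.
    $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $value -or $value -ne 0)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    else {
        # On these older versions the change takes effect after a restart.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
    }
}

$before = Get-Smb1ServerState
Write-Output "SMB1 server enabled before change: $before"

if ($before) {
    Disable-Smb1Server
    $after = Get-Smb1ServerState
    Write-Output "SMB1 server enabled after change: $after"
    if ($after) {
        Write-Warning 'SMB1 is still enabled; the change did not apply.'
    }
}
else {
    Write-Output 'SMB1 server is already disabled; nothing to do.'
}
```

Devices that can only speak SMB1 will no longer be able to reach shares on this machine once the setting is off, so check for such dependencies before rolling it out widely.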