So, if you’re a Windows user you MUST read this so that you know what this ransomware virus does and what you can do about it, as it may have already affected a Windows device next to yours.
And if you use another OS you SHOULD read it so that you know how to act in future if you are affected by this kind of cyber attack.
What is the WannaCry ransomware?
First, let’s start with what ransomware is. As the name implies, it’s ransom software: sophisticated software that corrupts your computer files or blocks access to them, and if you want them back you have to pay a ransom.
Just as when someone gets kidnapped. If you want them back you need to pay the kidnappers ransom.
The ransomware can be:
- Encryptors: they implement advanced encryption algorithms to corrupt the victim’s files, and they demand payment to provide the victim with the key that can decrypt the blocked content.
- Lockers: they lock the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files may not be corrupted in this case, but the attackers still ask for a ransom to unlock the infected computer.
So, here is what the WannaCry ransomware does: it encrypts the victim’s files, and then the hackers ask for a ransom so that the victim can get the key to decrypt them. The payment should be made in Bitcoin, a digital currency. The starting value is around 300 US dollars, but if they are not paid within three days they ask for 600 US dollars.
Crypto-ransomware, as encryptors are usually known, is the most widespread kind and the most prominent and worrisome cyber threat at the moment. It uses all the tricks available because it makes cyber criminals a huge amount of money.
When and how it started and who’s behind it
Last Friday, May 12, 2017, around 3PM GMT, the WannaCry ransomware attack started spreading around the world. Europol stated that it is a cyber attack of an unprecedented level.
“According to security researchers, the WannaCry exploit is derived from a National Security Agency tool that was stolen and leaked by the Shadow Brokers back in April. It takes advantage of a Microsoft vulnerability for which the software giant issued a patch on March 14. Unpatched systems remained vulnerable to the threat.” - as stated in the FCW article.
According to the CSO - “It works by exploiting a Windows vulnerability that the U.S. National Security Agency may have used for spying.”
According to some researchers, a group known as Lazarus, a hacker cabal increasingly believed to operate under the North Korean government’s control, is behind this ransomware attack.
Who is affected by the WannaCry ransomware
Until now, the infection has affected over 200,000 victims in 150 countries and it keeps spreading.
- It started with the U.K.’s National Health Service, which was one of the first high-profile victims of this attack and has confirmed that at least 16 hospitals have been affected by the ransomware. Some social media sources say that the attack has even led to surgeries being cancelled and ambulances being turned away. The BBC mentions that about 40 of the NHS’s medical organisations and practices were hit.
- Russia is considered to be the “hardest hit”, with the interior ministry, railways, banks and the Megafon mobile phone operator affected. Luckily, the ministry’s vital servers were unaffected because they were running domestic Russian software.
- Deutsche Bahn: electronic boards at stations announcing arrivals and departures were affected. Luckily, train services were not disrupted.
- China: universities were affected, with students reporting ransom demands popping up on their laptops, and networks across universities experienced severe disruption due to the outdated or even pirated computer software in use.
- South Korea’s biggest cinema chain CJ CGV said some of its advertisement servers connected to 50 cinemas had been affected, according to Yonhap news agency.
- India: state police and several companies in the cities of Mumbai, Hyderabad, Bengaluru and Chennai were also affected.
- The Spanish telecom Telefonica said it had been attacked and the infected equipment was “under control and being reinstalled”.
- France: Renault, the car manufacturer, took measures to stop the spread of the ransomware by halting production at many sites, including in France, Slovenia and Romania.
- FedEx didn’t specify how badly it was affected, but they said that they were “implementing remediation steps as quickly as possible”.
So which Microsoft software is exposed to WannaCry attacks? Check if you have an unpatched version of any of these Windows versions:
- Microsoft Windows Vista SP2
- Microsoft Windows Server 2008 SP2 and R2 SP1
- Microsoft Windows 7
- Microsoft Windows 8.1
- Microsoft Windows RT 8.1
- Microsoft Windows Server 2012 and R2
- Microsoft Windows 10
- Microsoft Windows Server 2016
- Microsoft Windows XP
- Microsoft Windows Server 2003
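One way to run that check on your own machines, as an added example that is not part of the original article. It flags hosts with no update recorded since the March 14, 2017 patch date mentioned above. The `Get-PatchVerdict` function and the `RequiredKB` parameter are names made up for this sketch, and the KB list is left empty because the article names no KB number.

```powershell
# Added example (not from the article): patch triage for the Windows versions listed above.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    # Assumption: KB IDs for your OS version, taken from Microsoft's own bulletin.
    # The article names none, so the default is empty.
    [string[]]$RequiredKB = @(),
    # From the article: Microsoft issued the patch on March 14 (2017).
    [datetime]$PatchDate = [datetime]'2017-03-14'
)

function Get-PatchVerdict {
    param([string]$Computer, [string[]]$RequiredKB, [datetime]$PatchDate)

    # Query the local machine directly; only remote hosts need -ComputerName.
    $target = @{}
    if ($Computer -ne $env:COMPUTERNAME) { $target.ComputerName = $Computer }

    try {
        $os    = Get-CimInstance -ClassName Win32_OperatingSystem @target -ErrorAction Stop
        $fixes = @(Get-HotFix @target -ErrorAction Stop)
    } catch {
        # An unreachable host is reported, not silently skipped.
        return [pscustomobject]@{ Computer = $Computer; OS = 'n/a'; LastUpdate = $null
                                  Verdict = "UNKNOWN: $($_.Exception.Message)" }
    }

    # InstalledOn can be empty for some entries, so filter before sorting.
    $last = $fixes | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn | Select-Object -Last 1
    $lastDate = if ($last) { $last.InstalledOn } else { $null }
    $found = @($fixes | Where-Object { $RequiredKB -contains $_.HotFixID })

    $verdict = if ($found.Count -gt 0) {
        "PATCHED: $($found[0].HotFixID) installed"
    } elseif ($lastDate -and $lastDate -ge $PatchDate) {
        'LIKELY PATCHED: updates installed after the patch date (heuristic, confirm the KB)'
    } else {
        'EXPOSED: no update recorded since the patch date'
    }
    [pscustomobject]@{ Computer = $Computer; OS = $os.Caption
                       LastUpdate = $lastDate; Verdict = $verdict }
}

$ComputerName | ForEach-Object {
    Get-PatchVerdict -Computer $_ -RequiredKB $RequiredKB -PatchDate $PatchDate
} | Format-Table -AutoSize -Wrap
```

The date comparison is only a heuristic: an update installed after the patch date does not prove that the specific fix is present, so pass the KB IDs for your OS version in `-RequiredKB` for a definite answer.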
Apart from industry reactions to the ransomware attacks, cyber risk modeling firm Cyence estimates the potential costs from the hack at $4 billion, while other groups predict losses would be in the hundreds of millions. The attack is likely to make 2017 the worst year for ransomware scams, in which hackers seize control of a company’s or organization’s computers and threaten to destroy data unless payment is made, according to the CBS MoneyWatch article.
What to do about it now and in future?
“Friday’s attack is a loud and clear wake-up call,” said Michael Kaiser, executive director of the nonprofit National Cyber Security Alliance in Washington, D.C. “The attack was global in reach, and its impact was significant. When we see whole systems like the National Health System in the United Kingdom directly targeted, it reinforces how dependent we have become on our data-driven networks. It is of utmost importance that cybersecurity of those networks be a top priority of businesses and organizations large and small.”
How to stop the WannaCry infection
- Immediately turn off an infected machine.
- Reinstall the operating system on that device with all the updates.
- Update all machines in the network so that you stop the possible spreading of the virus.
Microsoft said it had released a Windows security update in March to tackle the problem involved in the latest attack, but many users were yet to run it.
“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” Mr Smith said.
Should you pay
If you are a victim of the ransomware, from the experience so far, the payment doesn’t appear to work. So, the answer is simple, don’t pay.
If you have some data that you desperately need, just keep it backed up somewhere for the future, because very often the decryption key becomes publicly available after this kind of encryption ransomware attack. So you may be able to get back the data you need.
How to prevent your PCs and network from future ransomware
To prevent future ransomware infections and spreading you can:
- Keep all your machines updated with newest patches and OS versions.
- Use an updated version of an anti-virus software
- Use strong and unique passwords for all your accounts
- Use strong authentication - more than just a username and password will protect you or your organization from anyone getting access from stolen devices.
- Back up your data regularly: even on a daily basis if you have crucial data that you keep on your devices.
- Do not open suspicious attachments or click on suspicious URLs - The latest Verizon Data Breach Investigation Report shows that 23% of email recipients open phishing messages, and 11% click on attachments. That means they are three times more effective than email campaigns conducted nowadays.
“Businesses and organizations that don’t take cybersecurity seriously are leaving themselves vulnerable to attack and risk significant impact to their operations,” said Kaiser. “We hope organizations around the world will see this attack as a learning experience and begin to engage in adoption of better cybersecurity practices.”
Our encrypted email service keeps your most important communication encrypted and securely protected under 320m of granite mountain and the Swiss Data Protection Act.