WannaCry: All you need to know about the Ransomware that took the world unawares.
As ridiculous as it sounds, the ransomware is called WannaCry. The name sums up what the attack does to those affected: all you can do, perhaps, is cry. That’s if being lachrymose will bring back the affected files. The ransomware is also known as the WannaCry ransomware cryptoworm and Wanna Decryptor.
The cyber attack commenced on Friday, 12th May 2017 and has since infected more than 230,000 computers in over 150 countries.
The major targets of the attack are computers that run the Microsoft Windows operating system.
METHOD OF ATTACK
WannaCry searches for and encrypts 176 different file types and appends .WCRY to the end of the file name. It asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.
The ransomware spreads across local networks and over the internet to computers that do not have the recent security update. It does this through the EternalBlue exploit, software developed by the National Security Agency (NSA) of the USA.
The countries hit hardest by the cyber attack, described as unprecedented in scope, are Russia, Ukraine, India and Taiwan. Others affected include the National Health Service (NHS) of Britain, Spain’s Telefonica and FedEx, among others.
According to Kaspersky, a leading Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, the African countries affected by the ransomware are: South Africa, Nigeria, Angola, Egypt, Mozambique, Tanzania, Niger, Morocco and Tunisia.
WHAT TO DO
Microsoft had earlier, on March 14th, 2017, two weeks before the attack, released a “CRITICAL” patch to eliminate the vulnerability on supported systems, although many organizations around the world had yet to apply it. Unsupported older versions of Windows, such as Windows XP and Windows Server 2003, were initially at risk, although Microsoft has claimed to have taken “unusual steps” by releasing updates for these operating systems for all customers.
Symantec Corporation, the maker of the popular Norton AntiVirus, maintained that the “decryption of encrypted files is not possible at present. If you have backup copies of affected files, you may be able to restore them.” The corporation dissuades anyone from paying the ransom.
It further maintained that “In some cases, files may be recovered without backups. Files saved on the Desktop, My Documents, or on a removable drive are encrypted and their original copies are wiped. These are not recoverable. Files stored elsewhere on a computer are encrypted and their original copies are simply deleted. This means they could be recovered using an undelete tool.”
Symantec further urges users to heed the following best practices for protecting against ransomware:
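The .WCRY extension and Symantec's recovery note above suggest a simple triage, shown here as an added example that is not from the original article or from Symantec: it sorts a file listing into originals that need a backup and originals an undelete tool may still find. The function names, the sample listing, the `removable_drives` parameter and the extra `documents` folder name are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

ENCRYPTED_SUFFIX = ".wcry"  # the extension the article says WannaCry appends
# Folders whose originals are wiped, per the Symantec quote. "documents" is an
# added assumption covering the folder's name on newer Windows versions.
WIPED_FOLDERS = {"desktop", "my documents", "documents"}

# Constructed sample listing (e.g. saved output of `dir /s /b`); not real data.
SAMPLE_LISTING = [
    r"C:\Users\ada\Desktop\report.docx.WCRY",
    r"C:\Users\ada\My Documents\tax\2016.xlsx.wcry",
    r"E:\photos\img1.jpg.WCRY",
    r"D:\Projects\build\plan.xlsx.WCRY",
    r"D:\Projects\Desktop.WCRY",
    r"C:\Users\ada\Desktop\readme.txt",
]


def classify(path, removable_drives=()):
    """Return 'not-encrypted', 'backup-only' or 'undelete-candidate'."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != ENCRYPTED_SUFFIX:
        return "not-encrypted"
    if p.drive.lower() in {d.lower() for d in removable_drives}:
        return "backup-only"  # removable drive: original wiped
    # Check folder components only, so a file merely named Desktop.* is not matched.
    if any(part.lower() in WIPED_FOLDERS for part in p.parts[:-1]):
        return "backup-only"  # Desktop / My Documents: original wiped
    return "undelete-candidate"  # original only deleted; undelete tool may help


def triage(paths, removable_drives=()):
    """Group the original file names of encrypted files by recovery route."""
    report = defaultdict(list)
    for path in paths:
        verdict = classify(path, removable_drives)
        if verdict != "not-encrypted":
            # Drop the appended extension to recover the original name.
            report[verdict].append(str(PureWindowsPath(path).with_suffix("")))
    return dict(report)


if __name__ == "__main__":
    for route, files in triage(SAMPLE_LISTING, removable_drives=("E:",)).items():
        print(route, len(files))
        for name in files:
            print("   ", name)
```

Pass the drive letters of removable media explicitly, since a path alone does not reveal the drive type.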
- New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
- Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that backups are appropriately protected or stored off-line so that attackers can’t delete them.
- Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to roll back to the unencrypted form.