Things about WannaCry Ransomware

The WannaCry Ransomware is a recent cyberattack which has targeted thousands of computers around the world running the Windows operating system. Everyone is talking about this Ransomware but, as I see it, only a few know what Ransomware actually is. Let me give an overview of what it is.

What is a Ransomware?

In layman’s language, Ransomware is similar to kidnapping. The malware kidnaps the files that you have on your computer and network, and the hacker group will not give them back until you pay a certain amount of money or bitcoins. The hacker group’s identity might also remain anonymous, just like the kidnappers’. Now, in technical or hacker language: when this Ransomware enters your computer (mostly through the internet), it first checks for the security patches on your computer, and if it cannot find a kill switch in your Operating System, it encrypts all your files. A pop-up is then shown on your screen saying that a certain amount of money or bitcoins must be transferred to the hacker group so that they can decrypt the files and you get them back. This is how Ransomware works.

Where and how did it start?

Now, getting back to the WannaCry Ransomware: it started on 12th May 2017 and has spread across 230,000 computers in 150+ countries. Russia, England (UK), India and Taiwan remain the worst-hit countries. Britain’s National Health Service (NHS) was among the first few organizations affected by this Ransomware, which then spread across the world.

According to the researchers, this Ransomware uses tools such as the EternalBlue exploit and the DoublePulsar backdoor, which were developed by the National Security Agency (NSA) of the U.S. Recently, these tools were leaked to the public, as reported by WikiLeaks. These tools use certain algorithms to bypass the authentication of the Operating System and access computers remotely.

Whom did it affect?

The organizations which still use computers and devices running Windows XP and older versions were reported to be the most affected by WannaCry. This is due to the presence of a loophole in the Windows Message Block (SMB) of the operating system (you can google SMB). Microsoft issued a security update and patch on 14 March 2017 for Windows 7 and above, but didn’t do the same for Windows XP. Hence, those machines fell prey to WannaCry.

The Results

Europol has reported that this is the most unprecedented (never seen before) cyber attack. Security researchers suggest not paying anything to these hacker groups. But because they need the files that were encrypted, organizations are anonymously paying the attackers to get their files back. According to Wikipedia, as of 17 May 2017, 02:33 UTC, 238 payments had been made, which amount to $72,144,76. That’s huge.

What can you do to prevent this Ransomware attack on you?

Although it’s been 5 days since the Ransomware broke out, it is still active and you might be its next victim. There are 2 things that you can do to protect yourself from WannaCry.

1. Install the most recent security patch released by Microsoft. After the Ransomware broke out, Microsoft released a security patch even for Microsoft Windows XP and Windows Server 2003 (which is unusual). Install these updates and your probability of being exposed to the Ransomware will be reduced.

2. Do not respond to phishing mails. Although email providers such as Gmail send phishing mails directly to spam, some of them might escape and land in your inbox. When you see any mail with a suspicious sender, subject, content or attachment, immediately delete the mail without even opening it. One such attachment is taskche.exe, which is responsible for the attack.
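To check step 1 on a machine, the following PowerShell sketch (an added example, not part of the original post) compares the newest installed update against the 14 March 2017 patch date given above. It assumes PowerShell 3.0 or later; `Get-PatchStatus` is a hypothetical helper name and the sample rows are constructed. A "Stale" result means the fix cannot be present, while "UpdatedSinceCutoff" only shows that patching has happened since then, not that the specific SMB fix is installed.

```powershell
# Added example. The cutoff is the patch release date stated in the post.
$Cutoff = [datetime]'2017-03-14'

function Get-PatchStatus {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyCollection()]
        [object[]] $HotFixes,            # objects exposing HotFixID and InstalledOn
        [datetime] $Since = $Cutoff
    )
    # InstalledOn is empty for some updates; skip those rows rather than guess a date.
    $dated = @($HotFixes | Where-Object { $_.InstalledOn } | Sort-Object { [datetime]$_.InstalledOn })
    if ($dated.Count -eq 0) {
        return [pscustomobject]@{ Status = 'Unknown'; LatestUpdate = $null; InstalledOn = $null }
    }
    $latest = $dated[-1]
    $when   = [datetime]$latest.InstalledOn
    # Nothing installed on or after the cutoff means the March 2017 fix cannot be there.
    $status = if ($when -ge $Since) { 'UpdatedSinceCutoff' } else { 'Stale' }
    [pscustomobject]@{
        Status       = $status
        LatestUpdate = $latest.HotFixID
        InstalledOn  = $when.ToString('yyyy-MM-dd')
    }
}

# Constructed sample inventory (placeholder IDs, not real KB numbers).
$sample = @(
    [pscustomobject]@{ HotFixID = 'KB-PLACEHOLDER-1'; InstalledOn = [datetime]'2016-11-08' },
    [pscustomobject]@{ HotFixID = 'KB-PLACEHOLDER-2'; InstalledOn = $null },
    [pscustomobject]@{ HotFixID = 'KB-PLACEHOLDER-3'; InstalledOn = [datetime]'2017-02-14' }
)
Get-PatchStatus -HotFixes $sample

# The same check against the local machine's installed updates.
Get-PatchStatus -HotFixes @(Get-HotFix)
```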

Please stay safe on the internet and avoid this Ransomware.

You can always contact us here.
