On May 12, 2017, the business world suffered one of the most destructive cyber-attacks known to date. Today we will give you an insight into this new cyber-attack: “Wanna Cry” is a ransomware virus that has affected more than 200,000 computers in more than 150 countries, encrypting files and demanding a ransom in bitcoins.
What ransomware is and how it works
The attack perpetrated by hackers that has occupied all the headlines for some days now has left us with a term that is new to many people: ransomware. Suddenly this word is found everywhere. Television and internet news and all the newspapers mention it constantly, but for many there is still doubt about what it means.
For that reason, by way of explanation, we will tell you what ransomware is, how it works and what its primary objective is.
What is ransomware?
Ransomware is malicious software. That is the simplest definition we can offer for the concept, although there is much more behind it. It is malware that seeks to encrypt the files present on a computer. Given the scale of some ransomware, such as the Wanna Cry we are seeing so much of these days, it can manage to encrypt the most sensitive files on any computer.
It usually focuses on encrypting sensitive files on our computer, whatever kind they are: Word documents, PDFs, even photos or videos. The types of files it will try to encrypt depend on the objective of its creator; the developer decides which files the ransomware targets.
How it Works
If ransomware manages to enter your computer and encrypt the files it is looking for, the most common outcome is that you get a message telling you that you have been infected and, at the same time, demanding a ransom to free your computer.
The Wanna Cry attack operating scheme:
- Infection: massive spam to e-mail addresses with a link to download a dropper (the component that downloads the payload), exploitation of a vulnerable service exposed on the internet, or connection of an already infected machine to the local network.
- When the attachment (the dropper) is downloaded and run, the computer is infected with Wanna Cry.
- Propagation: from the infected computer, the LAN is scanned for computers with the MS17-010 vulnerability to spread the infection.
Can I recover the encrypted data? Do I pay the ransom?
This part is one of the most controversial. In general, both the authorities and security experts recommend not paying and not yielding to the blackmail. Many users pay, usually out of fear. It is a logical reaction, since with your computer locked your only objective is to get all your files back.
It’s a complicated situation. Some companies have been forced to pay huge figures to be able to release their systems from the ransomware attack. The main problem with these cases is that paying is not a guarantee.
There are cases in which, despite payment of the ransom requested by the attackers, the computer has not been released. So even after paying there is no guarantee whatsoever. That is why many recommend not paying, but the biggest problem with this situation is that there are hardly any other options. Without payment, the computer will not be released. A dead end. And paying the ransom only promotes and motivates the creators of these viruses.
How to know if you can be attacked
The versions of Windows that are in danger are the following:
- Microsoft Windows Vista SP2
- Windows Server 2008 SP2 and R2 SP1
- Windows 7
- Windows 8.1
- Windows RT 8.1
- Windows Server 2012 and R2
- Windows 10
- Windows Server 2016
For versions later than Windows 7, Microsoft already has a security patch that removes the possibility of being held to ransom. Just update the system to its latest version.
On the other hand, if you are a Windows Vista or Windows 7 user, things get complicated. Microsoft no longer supports these versions of the OS, so they remain exposed to critical vulnerabilities because the company’s engineers do not work on fixing them.
How to prevent ransomware?
To avoid being infected by ransomware, the advice is the usual advice for any malware. Wanna Cry enters our computer through our Outlook mail client, hidden in suspicious emails. Therefore, avoid opening emails of unknown origin that carry attachments, and above all never download those attachments. You also have to be careful with downloads, so only download from trusted sites.
APK installers can be especially problematic, so special care with this type is recommended. There is also no need to install strange add-ons that some website suggests.
It is also advisable to perform the following steps:
- Update all computers with the latest Windows security patches.
- Do not open untrusted files, attachments or links in emails, and do not reply to this type of email.
- Be cautious when clicking links in emails, instant messaging and social networks, even if they come from known contacts.
- Install anti-virus / anti-malware tools and activate the firewall.
- Keep external backups of our information, since backups on the computer itself may also be affected.
- If the computer is networked and shares a drive with another computer, disconnect it from the network quickly to prevent rapid spread of the virus.
Technical details:
The malicious code is not encrypted or packed and has been verified to launch the following command:
“cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet”
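The command chain above is a recovery-inhibition step (shadow copies deleted, boot recovery disabled, backup catalog removed), which makes it a useful detection signal. The following Python script is an added example, not code from the article: it scans constructed process-creation log lines for those four behaviours. The log layout (timestamp|host|user|command line) and the sample lines are assumptions made for this example.

```python
import re

# Constructed sample process-creation log lines (not from the article), in an
# assumed "timestamp|host|user|command_line" layout used only for this example.
SAMPLE_LOGS = [
    "2017-05-12T10:01:03|ws01|alice|C:\\Windows\\System32\\cmd.exe /c dir C:\\Users",
    "2017-05-12T10:02:17|ws01|SYSTEM|cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet",
    "2017-05-12T10:03:40|ws02|bob|vssadmin list shadows",
    "2017-05-12T10:04:55|fs01|backup-svc|wbadmin start backup -backupTarget:E: -include:C: -quiet",
]

# Each rule is (name, regex). Matching is case-insensitive and tolerant of
# extra whitespace between arguments. Listing or creating backups does not match;
# only the destructive/recovery-disabling forms do.
RULES = [
    ("shadow_copy_delete_vssadmin", r"vssadmin(\.exe)?\s+delete\s+shadows"),
    ("shadow_copy_delete_wmic", r"wmic(\.exe)?\s+shadowcopy\s+delete"),
    ("boot_recovery_disabled",
     r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)"),
    ("backup_catalog_delete", r"wbadmin(\.exe)?\s+delete\s+catalog"),
]

def parse_line(line):
    # Split on the first three '|' only, so '|' inside a command line is preserved.
    ts, host, user, cmd = line.split("|", 3)
    return {"ts": ts, "host": host, "user": user, "cmd": cmd}

def matched_rules(cmd):
    # Return the names of all rules whose pattern occurs anywhere in the command line.
    return [name for name, pat in RULES if re.search(pat, cmd, re.IGNORECASE)]

def scan(lines):
    # Produce one alert per log line that trips at least one rule. Two or more
    # recovery-inhibition behaviours in a single command line is rated "high".
    alerts = []
    for line in lines:
        ev = parse_line(line)
        hits = matched_rules(ev["cmd"])
        if hits:
            severity = "high" if len(hits) >= 2 else "medium"
            alerts.append({**ev, "rules": hits, "severity": severity})
    return alerts

if __name__ == "__main__":
    for a in scan(SAMPLE_LOGS):
        print(a["ts"], a["host"], a["user"], a["severity"], ",".join(a["rules"]))
```

On real telemetry the same rules apply to the command-line field of process-creation events; the benign `vssadmin list` and `wbadmin start backup` lines are included to show they do not trigger.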
The wallet address given for payment is:
“13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94”
By being somewhat careful we can avoid the enormous problem that ransomware poses for us. Have you ever been infected with ransomware?