WannaCry - the Scourge of Ransomware

Creating malware such as ransomware is a lucrative enterprise for cyber criminals. On May 12th, 2017, the largest cyber attack in internet history, called WannaCry, occurred, infecting computers across the world. WannaCry is just the latest and most notorious ransomware attack, with more and more occurring every week. Should you be concerned? Absolutely!
What is WannaCry?
Simply put, WannaCry is a malicious, largely automated attack that is activated by someone clicking on a link in a spam email or activating macros in an infected document. Once activated, WannaCry leverages a vulnerability in the Windows OS and within seconds encrypts your data, and a ransom screen pops up.

You are informed that your data is encrypted and that you have a limited amount of time to pay a ransom of $300 USD in Bitcoin, an untraceable virtual currency. If you do not pay within a couple of hours the ransom doubles, and if you still have not paid after that you are threatened with the permanent loss of all your data.
Any computers connected to your network will also be infected, no matter the antivirus programs they have installed.
Where Did WannaCry Come From?
Multiple reports from the NSA suggest North Korea created WannaCry, and it seems to have been designed primarily to target Russia, Ukraine, and Taiwan. Over 300,000 computers in over 150 countries were infected within a day. Britain's National Health Service (NHS), Spain's Telefonica, FedEx and Germany's Deutsche Bahn were hit especially hard.
WannaCry infects your computer using the EternalBlue vulnerability in the Windows OS, discovered by the NSA. A group of hackers, known as The Shadow Brokers, leaked the exploit on April 14th, 2017. On March 14th Microsoft released a security patch that fixed the Server Message Block (SMB) protocol that EternalBlue used. Many users had not installed the update by the time WannaCry was released on Friday, May 14th, 2017.
Ransomware attacks employ a mix of technological and psychological manipulation to get you to pay the ransom and gain access to your files again. Every day, crypto-ransomware attacks get better - this is a lucrative business for cyber criminals.
WannaCry only infects computers vulnerable to the specific exploit in EternalBlue. However, tomorrow there may be a new exploit discovered in a different piece of software.
How Do I Prevent Ransomware Attacks?
Most importantly, have backups of all your data. Ransomware can be defeated by simply deleting the program and reloading your backups.
Keep your operating system (OS) up to date! This is not the 90's; hackers are no longer individuals in basements. Today's attacks are highly coordinated and have entire industries surrounding them.
Use a reliable antivirus program.
Never open spam emails from unknown senders and never download attachments or click on the links in these suspicious emails.
If you get infected, do not pay the ransom! The goal of these attacks is to scare you into paying money, and that is it - much more effort goes into designing the payload to encrypt your data than goes into the mechanism to decrypt it. Over a quarter of people who have paid the ransom for WannaCry never got their data decrypted. Heimdal Security has a handy list of ransomware decryption tools that can help you unlock your data.
But be warned: encryption algorithms are robust and there is no guarantee your data can be recovered. It depends on the quality of the code written by the hackers, but the chances are decently high.
Conclusions
We know that ransomware threats are only going to grow in the future as the attacks become ever more sophisticated. Attackers use equal parts social engineering and technological exploits to strike individuals, businesses, and even governments.
Always keep your software up to date! People are always looking for exploits in software for a backdoor into your computer.
You are not powerless: be vigilant, be smart, be safe, and always back up your data!
PC Tec Rescuers is here to help you. Our friendly techs are available 24/7 to assist you with any problems you may have from WannaCry or any other piece of malicious software.