The WannaCry ransomware – also called WCry, WannaCrypt, or Wana Decryptor – has been in the news for being the worst ransomware attack in history. It is said to have infected more than 230,000 computers in over 150 countries, and the number is still rising. The worst-hit countries are Russia, Ukraine, India, and Taiwan. WannaCry has affected organizations such as Britain’s National Health Service (NHS), FedEx, Spain’s Telefonica, Renault in France, Deutsche Bahn (the German train service), Russia’s Interior Ministry, a movie theater chain in Korea, the Government of Gujarat, and other companies around the world.
The WannaCry ransomware cryptoworm attacks computers running the Microsoft Windows operating system by encrypting all the data on the computer. The WannaCry attack started on May 12, 2017, and is continuing unabated to date. An independent security professional from Great Britain was initially able to halt the progress of the ransomware and save thousands of computers from getting infected. Reports say that the makers of the ransomware have since modified the code to continue its attack on the world’s computers, albeit not as successfully as the original.
There have been ransomware attacks for a long time now. Why has WannaCry managed to capture the imagination of the world? It is probably because of how rapidly it has spread across the world.
What WannaCry Ransomware Does and How it Spreads?
Simply put, if WannaCry Ransomware infects your computer, you will lose access to all your files. A message on your desktop will ask you to pay a ransom ranging from $200 – $500 in Bitcoin to regain access to your files. The ransom note also insists that the ransom amount will be doubled after three days and that, if you don’t pay up in seven days, all your data will be deleted.
A YouTube video by malware historian danooct1 shows what it is like when the malware infects your computer.
It is believed that the attacks began in Asia, most likely through an exposed, vulnerable Windows Server Message Block (SMB) port. WannaCry spreads within corporate networks without user interaction by exploiting a known vulnerability in Microsoft Windows. When executed, the WannaCry malware first encrypts the computer’s data and then exploits the Windows SMB vulnerability to spread to other computers on the same network and to random computers across the internet. Contrary to what many people believe, it is not a targeted attack, but a random attack on computers that exhibit the SMB vulnerability.
Facts about WannaCry Ransomware
1. Biggest Attack Ever?
It is the largest cyber attack to date and has infected more than 200,000 computers in just one weekend, from schools and universities in China to police departments in India, and has made its makers more than $50,000 in ransom so far. It may not be the largest attack in terms of ransom paid, but it has spread faster and has attacked more computers than any other cyber attack. It has caused untold damage to corporations across the world, as many companies chose to stay offline as a precaution.
WannaCry Ransomware targets computers running Microsoft Windows, and those running older and unsupported versions, in particular, Windows XP, are especially vulnerable. Computers that don’t have the latest Windows Security update are also at risk.
3. There is no solution yet
Computer professionals are working on ways to decrypt files encrypted by WannaCry, but so far, there is no solution.
4. Security Patches will Protect You
Microsoft has released security patches for its latest versions and, in an unprecedented move, even for versions it doesn’t support anymore, to thwart the spread of this ransomware and others like it.
5. It is just the beginning
Experts suggest that this cyber attack is just the beginning and waiting in the wings are other more potent and vicious malware that can wipe out entire networks and cause much more havoc.
Myths about WannaCry Ransomware
Is it a targeted attack? No, it isn’t. WannaCry indiscriminately infects vulnerable computers and hasn’t targeted corporations or individuals.
2. Paying Ransom Would Get Your Data Back
Paying the ransom is the only way to recover your data. Actually, no. So far there has not been even a single reported case of an infected computer recovering data after paying the ransom. The creators of WannaCry have bungled up here; there are three default hard-coded bitcoin addresses for payment, and the attackers have no way of knowing who has paid the ransom. So it is unlikely you’ll get the data back by paying up.
3. ATMs are vulnerable targets
ATMs are especially vulnerable: No, they are not. Though most older ATMs run on Windows XP, the most vulnerable operating system, they are not likely to be infected because of firmware that limits the functionality of ATMs to the bare minimum.
4. Small Businesses and Personal Computers are Safe
WannaCry affects only big companies. Not true. Since it is an indiscriminate attack, any computer or network with SMB vulnerabilities can be infected; that includes big corporations, small businesses, and individual home computers too.
5. Don’t conduct online transactions
Online transactions make you vulnerable to the attack. No, they don’t. If a web server is infected with the ransomware, it simply wouldn’t function. So the chances of the ransomware infecting your computer through an online transaction are next to nothing.
6. Smartphones can be targeted too
WannaCry can infect my Android Phone and iPhone: No, it can’t. Not yet at least.
So far the malware has infected only computers running Microsoft Windows. Security experts warn that a similar attack, or a variation of this one, could be used on smartphones in the future.
Are you a WannaCry victim? Here’s what you can do:
Security experts everywhere are working on ways to stop the ransomware from spreading and to decrypt encrypted files without paying a ransom. If the ransomware has infected your computer, first of all, do not panic.
Most experts agree that paying ransom is not a good idea. There is no guarantee that your files will be decrypted. Also, paying the ransom just opens you to similar cyberattacks in the future.
Here’s what you should do instead:
1. Decryption of encrypted files is not possible at present. If your data recovery isn’t urgent, wait for a solution to be released by security experts.
2. The best thing to do is to wipe out your machine and restore from backup. This is one of the reasons why backing up data is so important.
3. There are some ransomware decryption tools available that could help you. They may not restore your data but will help you clean out the malware.
How do I keep my computer safe from WannaCry and other malware?
Experts have warned that WannaCry may be just the first in a long list of cyberattacks waiting to happen. There are rumors that new attacks like Adylkuzz are waiting to follow up on the WannaCry attack. While these attacks and their repercussions are hard to predict, there are things you can do to stay safe.
1. Keep your security software up to date to protect yourself against malware.
2. Make sure your operating system and other software are always updated. It is important to always install software updates because they often include patches for security vulnerabilities.
3. The most effective way of dealing with a ransomware infection is surprisingly easy: back up all your data. Ransomware attackers have no leverage over users with backed-up data. It is important, however, to make sure the data backups are protected and stored offline.
4. Using cloud services can mitigate ransomware infection. Cloud services usually retain previous versions of files, and it is simple to roll back to the previous version.
5. Emails and email attachments are the most commonly used methods of infection. Though WannaCry did not spread through email, as originally thought, other ransomware spread through links and attachments in email. Be extremely wary of email attachments; if the attachment seems even a tiny bit odd, it is perhaps safer not to download it. Links that seem to lead to unknown websites are also best avoided. If you get an attachment that asks you to enable macros, delete the mail unless you are absolutely sure it is a genuine email from a trusted source.
6. WannaCry does not target Windows 10, so you are safe if you are on this operating system. However, if you are running other versions like Vista, Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, make sure you install the patch released by Microsoft in March that addresses the SMB vulnerability.
What were the lessons learned from what has been described as one of the worst ransomware attacks in history? Experts believe that the success of this attack can be attributed to the element of surprise that came with it.
Even though Microsoft released a security patch for this vulnerability back in March, it didn’t stop the ransomware from wreaking havoc on more than 200,000 computers. Most people do not update their operating systems and fail to install software updates. In an organization where many computers are on the network, even one vulnerable computer can cause all the systems to be infected.
Many organizations use unsupported operating systems or, even worse, pirated ones. Such decisions greatly assist in the rapid spread of malware.
We can never stop emphasizing the importance of software updates and backups, two best practices that can help keep such attacks at bay.
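As an added example (not part of the original article), the Python sketch below triages a constructed inventory export for the conditions described above: an unsupported OS, no update since the March patch, and SMB exposed to the internet. It also lists the hosts that would likely fall together once one of them is hit. The CSV columns, host names, and the assumption that network segments block SMB between each other are hypothetical.

```python
import csv
import io
from datetime import date

# Constructed inventory export (not real hosts); the column names are assumptions.
INVENTORY_CSV = """hostname,os,last_update,segment,smb_from_internet
fileserver01,Windows Server 2008 R2,2017-01-10,office,yes
desk-017,Windows 7,2017-04-11,office,no
desk-022,Windows 7,2016-11-08,office,no
kiosk-03,Windows XP,2014-04-08,lobby,no
build-01,Windows Server 2016,2017-02-14,lab,no
"""

# Microsoft's March 2017 security release went out on 14 March 2017.
PATCH_RELEASE = date(2017, 3, 14)
# Example list; the article names Windows XP. Extend it for your own fleet.
UNSUPPORTED = {"Windows XP"}


def load_hosts(text):
    hosts = list(csv.DictReader(io.StringIO(text)))
    for h in hosts:
        h["last_update"] = date.fromisoformat(h["last_update"])
        h["exposed"] = h["smb_from_internet"].strip().lower() == "yes"
        # Proxy only: confirm the specific update is installed before closing a finding.
        h["unpatched"] = h["last_update"] < PATCH_RELEASE
    return hosts


def findings(host):
    out = []
    if host["os"] in UNSUPPORTED:
        out.append("unsupported OS")
    if host["unpatched"]:
        out.append("last update predates the March 2017 patch")
    if host["exposed"]:
        out.append("SMB reachable from the internet")
    return out


def blast_radius(hosts):
    """Unpatched hosts sharing a segment with an exposed, unpatched entry point."""
    entry_segments = {h["segment"] for h in hosts if h["exposed"] and h["unpatched"]}
    return {h["hostname"] for h in hosts
            if h["unpatched"] and h["segment"] in entry_segments}


if __name__ == "__main__":
    fleet = load_hosts(INVENTORY_CSV)
    for h in fleet:
        print(h["hostname"], "->", findings(h) or "ok")
    print("likely to fall together:", sorted(blast_radius(fleet)))
```

In the sample fleet, the patched desktop stays out of the blast radius even though it shares a segment with the exposed file server, while the unpatched desktop next to it does not.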