WannaCry Ransomware attack 2017?
It’s all started when National Security Agency (NSA) of USA find a vulnerability in Window Operating system in Server Message Block (SMB) Protocol, by which the worm can enter to any system. This information is leaked by some group of hacker ( The Shadow Brokers) and they used it for WannaCry Ransomware Attack. But it was not a Zero-day flaw, Microsoft released the security patch to fix the vulnerability two months before, on 2 March 2017.
WannaCry is a name of ransomware virus. It is a ransomware program that is targeting window operating system nowadays. WannaCry Ransomware attack is a kind of cyber attack that is attacking mostly business networks, a home network users are very unlikely to be affected. It installs on the system when you open a malicious attachment in mail, malicious link or goes to any untrusted or malicious website. This virus is launched on Friday 12 May 2017. It has been affected more than 230,00 computers in 150 countries. The most affected countries are Russia, Ukraine, India, Taiwan etc.
The WannaCry Ransomware attack hackers demanded payment of $300 to $600 ( Approx Rs. 19,000 to Rs. 38,000)in bitcoins(cryptocurrency). They have earned about $75.6k till now. The British NHS, international shipper FedEx, telecommunications company Telefonica and others were among the targets. In India, the computer of Andhra Pradesh police department was infected by this virus.
The screen of attack device will look like
What is Ransomware?
The meaning of ransom is to a paid sum of money to release the captive. The Ransomware is a type of malicious software that will block the access to a computer or lock all your data until you will pay a demanded money. Typically. it will encrypt all your saved data and to decrypt your data, you have to pay some amount of ransom.
EFFECT: It will block the access to your computer or lock your computer and it can also encrypt your files stored on your local drives. Ransomware spread 31% from email, 28% from attachment clicks, 24% from unknown link clicks, 4% from malicious links and websites, 13% from other sources.
WannaCry Ransomware Attack Prevention
- Keep all of the software on your computer up to date. Microsoft provides the patch to update your device to all version 7, 8 10 also for included XP. Go to Microsoft website and update your device.
- Make sure automatic updating is turned on to get all the latest Microsoft security updates and browser-related components (Java, Adobe, and the like).
- Keep your firewall turned on.
- Don’t open spam email messages or click links on suspicious websites. (CryptoLocker spreads via .zip files sent as email attachments)
- Use any reputed antivirus such as Norton, Avast, McAfee etc.
- Keep your browser clean and do not click on any malicious link or malicious attachment.
- Try to avoid downloading the pirated files such as music, movies, software etc.
- Always have a good backup system in place, just in case your PC does become infected and you can’t recover files.
- Download and install malware removal tools such as Malwarebytes, Roguekiller etc.
Should I Pay?
- There is no guarantee of actual recovery, even after payment is made.
- In most of the case even after paying the ransom, the data will be lost or encrypted.
- So It’s better to prevent your system from this virus and some important method of prevention written below.
- Obviously, I can’t advise you whether to pay or not. It’s completely your call.
The first known ransom was “AIDS Trojan” was developed by Joseph popp in 1989. The most famous attack of Ransomware was is 2012 “Reveton” and in 2013 “Cryptolocker”.
- In 2012, a major ransomware worm known as Reveton began to spread.
- Also known as “police trojan”.
- Claiming that the computer had been used for illegal activities, such as downloading pirated software, promoting terrorism, copyright etc.
- Displays a warning from a law enforcement agency.
- The warning informs the user that to unlock their system they would have to pay a fine.
- To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer’s IP address and footage from a computer’s webcam.
- An Encrypting ransomware reappeared in 2013.
- It Encrypts certain types of files stored on local drives using RSA public-key cryptography.
- The private key stored only on the malware’s control servers.
- Offers to decrypt the data if a payment is made by a stated deadline.
- Threatens to delete the private key if the deadline passes.
- It distributed either as an attachment to a malicious e-mail.
- It was also propagated using the Gameover ZeuS.
- Gameover ZeuS is a peer to peer botnet based upon earlier ZeuS Trojan.
- It was isolated in May 2014, when a Gameover botnet was knocked out.