EVERYTHING YOU NEED TO KNOW ABOUT RECENT RANSOMWARE ATTACKS

It’s High time that we all start taking our cyber-security issues seriously. The Recent Ransomware attack which started spreading on Friday May 12^th has hit a lot of hospitals, schools, shops, factories, organizations and government agencies affecting tens of hundreds of systems across the globe. This attack uses a malicious software called “WanaCrypt0r 2.0” or WannaCry which exploits the vulnerability in windows. Although Microsoft had already released the patched version in March but not everyone has updated their computers making it vulnerable to this attacks.

So Let’s Start with the basic knowledge of this malware and then look at how you can prevent yourself.

What is Ransomware?

Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. Payment is demanded in the form of Bitcoins (Because bitcoin transactions cannot be traced). The WannaCry Ransomware specifically asks for $300 as bitcoins.

How does it work?

Windows had a certain security problem that allowed this kind of attack to happen. Microsoft has since released an update to plug this security hole. However, not all computers are patched. The WannaCry Ransomware writes itself into a random folder in the “ProgramData” folder with the file name “tasksche.exe” or in “C:\Windows\” with filename “mssecsvc.exe” and “tasksche.exe”. It grants itself full access to all files using batch script. Then finally it will encrypt all your local data and change the extension to “.WCRY”.

The country’s cyber security agency Computer Emergency Response Team of India (CERT-In) has issued a red-coloured ‘critical alert’ in connection with the WannaCry attack, and warned users to not pay the ransom.

“Individuals or organisations are not encouraged to pay the ransom as this does not guarantee files will be released. Report such instances of fraud to CERT-In and law enforcement agencies,” CERT-In said.

The Massive Cyber Attack was slowed down on Sunday when a researcher accidently triggered the kill-switch for the virus, but the hacker group responsible updated the virus soon and had it spread again

Once a victim is infected with the WannaCry virus, the following screen is displayed on infected PC:

And the following image is set as default wallpaper background:

How to Prevent Myself?

• The first basic step you should do right now is apply patches to your windows system.
  If you are on the latest supported version then visit the link below to apply the patch.
  https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
• If you are on an Unsupported version such as Windows XP, Vista OR Server 2003/2008 then visit this link: http://www.catalog.update.microsoft.com/search.aspx?q=4012598
• Take a backup of your critical data and store it offline on some portable disk.
• Update your antivirus to the latest version.
• Disable macros on all Microsoft office products.
• Don’t open any sort of attachments sent to you on the mail, even if it from your closest friend. Also don’t click on any url’s in the mail.
• Make sure you don’t connect to WiFi networks that you don’t know or trust.

What to do if You are already infected by WannaCry Ransomware?

• Immediately Isolate your system from the network, this prevents the malware from spreading to other systems.
• Preserve your Data, even though it is encrypted don’t delete it.
• Report the incident to CERT-in and local law enforcement agency.

Found it Interesting? Got Something to ask??
Feel free to comment it below.

Stay Secure ! Stay Happy !!