Here’s all you want to know about the WannaCry Ransomware Cyber Attack: What and How?
The Bitcoin ransomware cyber attack is the burning topic right now. It is deemed the biggest cyber-attack in Internet history. A ransomware named WannaCry stormed through the web.
On Friday, May 12, 2017, around 11 AM ET/3 PM GMT, a ransomware attack of “unprecedented level” (Europol) started spreading WannaCry around the world. It used a vulnerability in Windows that allowed it to infect victims’ PCs without them taking any action.
What is WannaCry?
Wanna Decryptor, also known as WannaCry or wcry, is a ransomware program that locks all the data on a computer system by encrypting it and then demands money to decrypt it. The user is left with only two files on their system: instructions on what to do next and the Wanna Decryptor program itself.
Users should note that even after paying the ransom there is no assurance that their data is safe or that they will be able to retrieve it. The ransom is demanded in bitcoin. The malicious software locks down victims’ systems and refuses to grant them access to their files unless they agree to pay at least $300 in bitcoin.
In the first few hours, 200,000 machines were infected. Big organizations such as Renault or the NHS were struck and crippled by the attack.
WannaCry Background – How does it work?
- Arrives via phishing email (PDF) and spreads like a worm using covert channels
- Payload delivered via exploit running as a service
- It performs encryption in the background, with a built-in key
- Uses Tor to stay anonymous
- Drops ransom notes in 25+ languages
- Encrypts shared and local files (176 types of files)
Do’s and Don’ts
- Do not open attachments in unsolicited e-mails, even if they come from people in your contact list.
- Do not click on any URLs contained in an unsolicited e-mail.
- Report any suspicious emails or attachments to the IT/IS team.
- Do not download software, videos, MP3s, etc.
- Check that your antivirus is updated and running on any machine you are using.
- Back up your critical data periodically.
- Do not connect any smartphones or portable devices to company systems.
- If your job role involves connecting to remote systems and executing applications, remain alert for any notice about a failed connection or an application that cannot be executed. If the connection or execution fails, do not attempt it again.
- If you believe your computer has been infected, immediately disconnect your machine from the network by pulling the LAN cable out of the port in your computer. Do not try to restore any data on your own.
How to safeguard yourself from Ransomware Attacks
The following are some effective ways to shield your data from theft.
- Make safe and secure backups – One of the best ways to protect your confidential data from ransomware. You should make multiple backups:
  - On the cloud
  - On a hard drive

  It is wise to keep your data on an external drive that is not connected to the internet, where it will be safe and secure.
- Keep your system updated – Download the latest version of your software and update your system frequently. Companies release software updates to fix the bugs and vulnerabilities that were present in previous versions.
- Make use of antivirus software – Having antivirus will at least protect your data/system from the most basic, popular viruses/infections by scanning your files. Much of the antivirus software available today is equipped to prevent ransomware from being downloaded onto computers.
- Educate yourself – Stay alert! While browsing any website, check that the address has the “s” in https. Also, never click on suspicious links or attachments. Administration should ensure that employees don’t have unnecessary access to parts of the network that are not related to their work. This could protect your data from such hazardous attacks.
Stay Vigilant, Stay Safe!