Ransomware – WannaCry

Recently thousands of computers were attacked by ransomware nicknamed “WannaCry,” throwing businesses and government agencies around the world into disarray.

With this little information, we want to make sure you know about this threat.

What is it?

WannaCry is a strain of ransomware that targets Windows computers worldwide, those who were infected found their PCs locked, and hackers demanding a ransom of $300, to unlock the device and locked files.

How many did get hit?

Like all malware infections, the error was human side. According to news, someone in Europe downloaded a compressed zip file that was attached to an email, allowing WannaCry onto their personal PC. Many people did the same, and when all was said and done, more than 300.000 computers were hacked.

The big fuss about it?

You might think it’s their fault for being stupid and doing something like that, but you should know that among the affected computers were some used by the UK`s National Health System. With locked computers, the medical staff was unable to access patient records and other essential services.

The cause of this malware surgeries and appointments were canceled, and facilities were shut down, as they tried to stop the spread of this malware. But not only UK`s National Health System was affected, but there is news that few other big companies got hit like Russia`s Central Bank, FedEx, Renault and Nissan facilities, Germany`s rail system and Spanish telecom company.

During a press briefing, Homeland Security Advisor Tom Bossert announced that WannaCry did not manage to hit any of US government systems.

Is your PC at risk?

It seems that if you are running Windows 10, you should be safe, as WannaCry doesn’t target newest OS. But if you are running other versions of Windows (Vista, Windows 7, Windows 8.1, Windows Server 2012, 2008 R2, 2012, 2012 R2, Server 2016) you should consider yourself as a potential target. Microsoft released a patch that is addressing the vulnerability that WannaCry targets, so hopefully you or your IT department has it already updated your OS.

There is some part of PCs that still uses older versions like Windows 7 and even Windows XP despite that there are no longer security updates for it. So Microsoft took a step and released a WannaCry patch for old version of Windows it no longer supported, including Windows 8, Windows XP and Server 2003

Regardless what version you are using, please make sure that you are up to date with security patches so you can increase your potential of being safe.

Ransomware isn’t a new thing, but WannaCry is.

Ransomware malware isn’t new on the web, but WannaCry is something bit different, cause it uses an exploit knows as EternalBlue. Developed by the NSA, which used it to go after targets. But, unfortunately for us, EternalBlue and other NSA tools were leaked online last year, by a group knows as the “Shadow Brokers” putting these powerful tools in the hands of anyone who can use them.

Is there still a threat?

UK researchers MalwareTech managed to acquire a sample of the malware on Friday, and run it in a virtual environment. He noticed that it pinged an unregistered domain, so he registered it himself. Lucky for countless victims and him, WannaCry only locked PCs if it could not connect to that domain.

Before MalwareTech registered the domain, it did not exist, so WannaCry could not connect, and computers were ransomed. With the domain registered, WannaCry connected and mostly died out.

Are we done?

Reading this you might think that we are safe and sound cause MalwareTech saved us, but there are still reports of new WannaCry versions emerging, so try to stay alerted and watch where you click, and what you download.

What if I was the victim?

It seems that many victims have paid the ransom demanded, but security experts warn against handing over your cash.

“As of this writing, the three bitcoin profiles associated with the WannaCry ransomware have accumulated more than $33,000 between them. Despite that, not a single case was reported of anyone receiving their files back,” Checkpoint blog post. “WannaCry does not seem to have a way of associating a payment to the person making it.”

Since Friday there has been recorded about $70.000 paid out, but still no evidence of data recovery.

If you have been hit, your best option is to restore from backup. You might use a tool that allows you to boot your computer to Linux environment, and let it take care of it. It will not restore your files, but it might clean out the malware.

If you managed to get your PC running, make sure you have a good antivirus system and a decent ransomware and malware protection.

Can we stop it from happening again?

Sure we can cause such an attacks are human based errors. You should just pay attention to your emails that got attachments or links, even if the message seems to be from someone you know. Just double-check the address and be on a lookout for any odd thing or attachment you were not expecting from someone.

If you are in doubt, message the person separately to assure that they did send you an email that requires you to download something.

Meanwhile, Microsoft made the NSA to “stockpile” these vulnerabilities.