The WannaCry Ransomware
Ransomware, a malware that causes unavailability of data by locking a computer or by encrypting a part of the data till a certain amount of money, as demanded by the creator of the malware, is paid as ransom is back in news and this time it is big!
The idea behind such malware is to extort money from victims in exchange for their confidential information. However, there is no guarantee that victims will get access to their data after paying the ransom demanded. Ransom can be anything from physical money to bitcoins.
WannaCry is a ransomware. It demands bitcoins.
NHS or the British National Health Service (NHS) has been compromised by the ransomware. The situation has become extremely tough so much so that the service center had to reject admission to patients, cancel operations, reschedule activities and appointments, and asked patients to turn away unless they have an emergency.
Like many other malware, this ransomware is said to be delivered as a Trojan through a loaded hyperlink that can be accidentally opened by a victim through an email, advert on a webpage or a Dropbox link. Once it is activated, the malware program spreads through the computer systems and locks all the files with the same encryption used for instant messages.
WannaCry gets installed on vulnerable machines via a worm which replicates across networks exploiting the SMB service vulnerability. The malware has the capability to scan heavily over TCP port 445 (Server Message Block/SMB).
It particularly affects a bug identified by Microsoft security bulletin by bulletin number MS17-010. The vulnerability is said to be patched by the vendors in March. The only concern that remains is whether everyone and every organization has patched their systems. It has also been patched for old systems which do not have technical support now such as windows XP.
Don’t wannaCry? Read further:
1. Update (patch) your systems ASAP! Those who have Windows Update enabled are protected against attacks on this vulnerability. For those who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
One should update their systems regularly.
In May 2017, this large scale cyber-attack, started affecting companies over the world. A patch to remove this vulnerability had been issued on March 14, 2017, but the delay in applying updates left some users and organizations vulnerable.
- Backups –Best part about storing data electronically is, there can be ‘n’ number of backups, as opposed to what we could do physically. Backup your data. Back it up at locations other than the system where your data originally resides. Even if your data gets stolen, you will have backup to start things again. Encrypt your backup for confidentiality, additional security.
- Suspicious URL – Any URL you may find weird (yes, including the appearance). If it doesn’t sound decent, or if there is spelling mistake, the extension of the domain (.org, .com etc.) is something alien to you, simply don’t click on it.
- Suspicious Website – It is like suspicious URL. If the website address is something you have never heard of, begins with different protocol (not http/https) or extension, there are abnormal images/popups on the website, has inappropriate content, do not click anywhere, sign-up or download from it. Similarly, do not download from spam or phishing emails. Stay away from phishing attacks.
- Block port number 445 and 139 from external hosts
Some more compromises:
- Spanish firm Telefonica attacked – http://www.reuters.com/article/us-spain-cyber-idUSKBN1881TJ
- US firm FedEx attacked – http://www.fox13memphis.com/news/the-latest-uks-health-service-hit-by-ransomware-attack/521995184
- Computers were locked in Aintree, Blackpool, Broomfield Hospital in Essex, Colchester General Hospital, all hospital systems in Derbyshire, Great Yarmouth, East and North Hertfordshire, James Paget hospital in Norfolk, Lanarkshire, and Leicester – https://www.theregister.co.uk/2017/05/13/wannacrypt_ransomware_worm/?mt=1494655520881