On May 12th, 2017, the world was hit by a cyber-attack that caused chaos and panic among organizations and people alike. So far, more than 200,000 computers in 150 countries have been affected, with victims including hospitals, banks, telecommunications companies and warehouses.
WannaCry, Wanna Decryptor, WannaCrypt – whatever it is called, it is by and large the same bitcoin-demanding beast. In this article, we explain everything we know about the ransomware that has been wreaking havoc globally and how you can safeguard yourself against this threat.
WHAT IS WannaCry RANSOMWARE?
WannaCry is an encryption-based ransomware that encrypts files on a system with AES and RSA ciphers. This means the hackers can directly decrypt the files on an infected system using a unique decryption key.
Once WannaCry ransomware infects a system, it creates encrypted copies of specific file types before deleting the originals. The victims are then left with encrypted copies, which can’t be accessed without a decryption key. Additionally, the attackers increase the ransom amount and threaten loss of data over time, creating a sense of urgency that greatly improves their chances of getting paid by the victims.
HOW DID WannaCry RANSOMWARE SPREAD?
Reports by Symantec and Kaspersky suggest that WannaCry ransomware was spread through a flaw in Microsoft’s Server Message Block (SMB) Protocol. Typically this protocol is used to share files between systems on closed networks but can be exploited if one of the systems is connected to a public network.
HOW DOES RANSOMWARE INFECT YOUR SYSTEM?
Usually, ransomware gains access to your computer through phishing emails that contain file attachments and links to websites with unpatched software vulnerabilities. WannaCry encrypts all the files it finds and renames them by adding “.WNCRY” to the file name. If it does not encrypt files, ransomware locks the computer system altogether. WannaCry demonstrates its decryption capability by allowing the user to decrypt a few random files, free of charge. It then immediately reminds the user to pay the ransom to decrypt all the remaining files.
HOW TO PROTECT YOURSELF AGAINST WannaCry?
The easiest and safest way to protect against WannaCry is to avoid opening any executable files attached to an email or clicking on links from unknown sources. Most anti-virus software can detect all known versions of WannaCryptor 2.0, so an updated antivirus should be able to detect and remove this ransomware, but if a new virus is infecting systems, the antivirus might not yet have been developed to catch it. Therefore, as a precautionary measure, always back up important files to an offline location.
Make sure you install all available Windows OS updates and the latest patches to avoid being exploited through vulnerabilities that are present in older versions, and remove from all your networks any system running Windows that did not receive a patch or update. Missing updates are the cause of most ransomware, malware and security incidents.
WHAT STEPS HAS MICROSOFT TAKEN TO SOLVE THIS PROBLEM?
For Windows Vista, 7, 8.1 & 10 Users – In March, Microsoft released a security update addressing the vulnerabilities that the recent ransomware attacks had been exploiting. Those who have Windows Security Update enabled are protected against attacks on this vulnerability.
For organizations that have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
Activate Windows Defender – For customers using Windows Defender, an update was released on 16th May 2017, which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep your anti-malware software up to date.
For Older Versions of Windows – Customers running versions of Windows that no longer receive mainstream support may not have received the above-mentioned Security Update released in March. Given the potential impact to customers and their businesses, Microsoft has released a Security Update for platforms in custom support only. Windows XP, Windows 8 and Windows Server 2003 Security Updates are broadly available for download now (see links below).
To further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks.
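The checks described in this section can be run on a single host with the script below. It is an added example, not a Microsoft or Sysfore tool, and it assumes an elevated PowerShell prompt on Windows 8.1 or Windows 10, where the SMB, DISM and Defender cmdlets are available. The `$PatchKb` and `$DisableSmb1` parameter names are chosen here for illustration.

```powershell
# Added example: audit one Windows host for the mitigations listed in this article.
param(
    # KB named on this page (Windows XP, Windows 8, Server 2003). Other Windows
    # versions use different KB numbers; take them from the MS17-010 bulletin.
    [string[]]$PatchKb = @('KB4012598'),
    # Set this switch to turn SMBv1 off instead of only reporting on it.
    [switch]$DisableSmb1
)

$report = [ordered]@{ Computer = $env:COMPUTERNAME }

# 1. Is one of the expected security updates installed?
# Get-HotFix does not list updates folded into a later cumulative rollup,
# so False means "verify manually", not "definitely unpatched".
$hotfix = Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue
$report.PatchFound = [bool]$hotfix

# 2. Is the SMB server still accepting SMBv1 connections?
$smb = Get-SmbServerConfiguration
$report.Smb1ServerEnabled = $smb.EnableSMB1Protocol

# 3. Is the SMBv1 optional feature still installed?
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$report.Smb1FeatureState = "$($feature.State)"

# 4. Is Windows Defender on, with definitions newer than the 16 May 2017 update?
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$report.DefenderEnabled = [bool]$mp.AntivirusEnabled
$report.DefinitionsCurrent = $mp -and ($mp.AntivirusSignatureLastUpdated -gt [datetime]'2017-05-16')

[pscustomobject]$report | Format-List

if ($DisableSmb1) {
    # Stop the SMB server from negotiating SMBv1, then remove the feature itself.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($feature) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
    Write-Warning 'SMBv1 disabled. Restart the computer to finish removing the feature.'
}
```

Run it without arguments first to get a report, and confirm that no legacy device on the network still depends on SMBv1 before re-running it with `-DisableSmb1`.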
TACKLE THIS THREAT WITH SYSFORE
Need more help? Are there infected systems in your network? Contact us today!
Sysfore can help you identify vulnerable and at-risk systems in your cloud network and help you protect them with security measures and available patches. We can also advise you on how to implement data backup and recovery solutions to keep your data safe and secure in situations like this.
Sysfore is a full-service application engineering solutions provider for enterprises, with more than a decade of experience in application engineering on the Microsoft .NET platform and on the open source technology stack. We are a Microsoft Gold Partner on the Azure Platform, and an AWS Cloud Partner. We build applications for enterprise clients using the best of cloud, mobile, and responsive web technologies. We serve a global client base, offering Consulting, Technology and Managed Services.
Further Resources:
Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
Download localized versions for the security update for Windows XP, Windows 8 or Windows Server: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
Read general information on ransomware: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx
Download MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/