Ransomware attacks are neither new nor unexpected; the latest one is only the biggest of its kind so far. Five years ago, attackers in Eastern Europe were locking up victims' computers and demanding ransoms of $100 to $400. Back then, security experts estimated that less than 3% of victims actually paid.
What exactly is WannaCry ransomware?
This ransomware has two parts. The first part, known as EternalBlue, was created by the U.S. National Security Agency to exploit vulnerabilities in the Windows OS. So, if your computer is not updated with the latest Windows update, make sure you do that first thing right after you read this blog. The second part, an encryptor, is downloaded onto your computer and takes control of all the files on it.
Ransomware ‘WannaCry’ attack explained
How does the attack start?
Sadly, the attack is initiated by a patch left unnoticed by Microsoft. Yes, WannaCry ransomware is the exploitation of a patch by Microsoft which was released on March 14, 2017. This patch was then used by hackers to initiate the second phase, EternalBlue. The fact that not every company installed the patch in the first place makes it even more dangerous for all of them.
Where was the first attack?
The first signs that you are infected
The first sign is that the ransomware encrypts your files and drops multiple ransom notes all across your system. The next step is that WannaCry demands that you pay $300 to a Bitcoin wallet.
The alarming thing is that it shows a countdown, warning that the price will be raised after 3 days and that, if you still do not pay, you will completely lose your personal files within 7 days.
The WannaCry ransomware also changes the victim's wallpaper to instructions on how to pay the ransom demand.
The file extensions targeted by the WannaCry ransomware include:
- Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
- Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
- Emails and email databases (.eml, .msg, .ost, .pst, .edb).
- Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
- Developers' source code and project files (.php, .java, .cpp, .pas, .asm).
- Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
- Graphic designers', artists' and photographers' files (.vsd, .odg, .raw, .nef, .svg, .psd).
- Virtual machine files (.vmx, .vmdk, .vdi).
Here are 7 ways to protect yourself against the WannaCry ransomware:
Method 1: Ensure that your system is up to date with a trustworthy anti-virus. For me, I would suggest Kaspersky anti-virus. I have been using it for quite some time, and being a computer nerd I can surely tell you that it will prevent any upcoming attacks.
Method 2: Install the Microsoft patch MS10-017, which closes the SMB Server vulnerability used in this ransomware attack. Microsoft even released this patch for operating systems that are no longer officially supported, such as Windows XP and Vista.
Method 3: Make sure you scan all your files. Once you have identified a malware attack by the name MEM:Trojan.Win64.EquationDrug.gen, or any other malware attack, immediately reboot the system and make sure that all your systems are updated with the Microsoft security patch MS10-017.
Method 4: Disable the SMBv1 protocol; for complete guidelines, you can visit Microsoft.
Method 5: Back up all important data to a portable hard drive or, an even better approach, store it in cloud storage.
Method 6: Block port 445 for extra safety. Blocking TCP port 445 can help mitigate the vulnerability if you haven't patched your OS yet.
Method 7: Do not open any email from unknown sources. (Of course this is basic practice, but by mistake we do click on some unwanted emails, and this is the best time to stop doing so.)
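Methods 4 and 6 above can be audited and applied from an elevated PowerShell prompt. The script below is an added example written for this post, not code from the original article or from Microsoft; it assumes Windows 8.1 / Server 2012 R2 or later (where the SmbShare and NetSecurity modules exist) and uses a constructed firewall rule name.

```powershell
# Added example (not from the original post): audit and optionally apply
# Method 4 (disable SMBv1) and Method 6 (block inbound TCP 445).
# Run without -Apply to report only; with -Apply to change settings.
param(
    [switch]$Apply
)

# --- Method 4: SMBv1 server protocol setting ---
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning "SMBv1 server protocol is ENABLED (the protocol this worm spreads over)."
    if ($Apply) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output "SMBv1 server protocol disabled."
    }
} else {
    Write-Output "SMBv1 server protocol is already disabled."
}

# The SMB1Protocol Windows feature (client and server binaries) is separate
# from the server setting above; removing it requires a reboot.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($null -ne $feature -and $feature.State -eq 'Enabled') {
    Write-Warning "SMB1Protocol Windows feature is installed."
    if ($Apply) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Output "SMB1Protocol feature removal scheduled (reboot required)."
    }
}

# --- Method 6: inbound TCP 445 ---
$ruleName = 'Block inbound SMB (TCP 445) - WannaCry mitigation'   # constructed name
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($null -eq $rule) {
    Write-Warning "No firewall rule blocking inbound TCP 445 was found."
    if ($Apply) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Any | Out-Null
        Write-Output "Inbound TCP 445 is now blocked on all network profiles."
    }
} else {
    Write-Output "Firewall rule '$ruleName' exists (Enabled=$($rule.Enabled))."
}
```

Blocking inbound 445 on a machine that serves file shares will break those shares for its clients, so apply Method 6 to workstations and isolated hosts, and rely on patching plus SMBv1 removal for file servers.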
When the first outbreak occurred, it infected more than 30,000 computers worldwide, and at that moment nobody knew what was happening or how to prevent it. It was a self-spreading worm that infected thousands of systems.
Since then, in the last three days, some companies have been working hard to break the code and analyze what is wrong with the virus. On the bright side, one young chap, 22 years old, found a way, by accident, to slow down the attack. Here is how he did it.