WannaCrypt (aka WannaCry) ransomware is spreading aggressively, affecting British hospitals, universities, airports and even companies such as FedEx, Telefonica and Airbus. The ransomware encrypts data on the computer and demands 0.3 to 1 bitcoin for access to the data. Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan being the top targets.
India was among the countries worst affected by the ransomware, according to analysis by the security firm Kaspersky.
What is ransomware? Malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it.
How WannaCry works
WannaCry uses an exploit named EternalBlue to infect computers running versions of the Windows operating system. EternalBlue was first made public last month after Shadow Brokers released a bunch of exploits and hacking tools developed by the US NSA.
Once the ransomware infects your machine, it encrypts all the files on the machine and changes their file extension to ‘.WNCRY’. Only once this is done does the malware display a window that demands payment to access the data.
The window also contains two timers: one shows the time left to pay before the amount demanded is increased, and the second shows the time left before the files are deleted completely.
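A defender's triage check for the ‘.WNCRY’ extension described above, as an added example that is not part of the original article: it walks a directory tree, counts renamed files per folder and reports the earliest modification time among them. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".wncry"  # extension named in the article, matched case-insensitively

def scan_for_wncry(root):
    """Summarise files under root that carry the .WNCRY extension."""
    per_dir, earliest = Counter(), None
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(ENCRYPTED_EXT):
                continue
            per_dir[dirpath] += 1
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or vanished; already counted above
            if earliest is None or mtime < earliest:
                earliest = mtime
    # The earliest mtime is only a rough hint of when renaming began.
    first = (datetime.fromtimestamp(earliest, tz=timezone.utc)
             if earliest is not None else None)
    return {"total": sum(per_dir.values()), "per_dir": dict(per_dir),
            "earliest": first}

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files only."""
    docs, pics = os.path.join(root, "docs"), os.path.join(root, "pics")
    os.makedirs(docs)
    os.makedirs(pics)
    for path in (os.path.join(docs, "report.docx.WNCRY"),
                 os.path.join(docs, "budget.xlsx.wncry"),
                 os.path.join(docs, "notes.txt"),
                 os.path.join(pics, "photo.jpg.WNCRY")):
        open(path, "w").close()
    return docs, pics

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_for_wncry(tmp))
```

Folders with the highest counts show where the most files were renamed, which helps decide what to restore from backup first.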
Microsoft released a patch for the vulnerability that EternalBlue exploits back in March, before Shadow Brokers made the NSA-developed exploit public. But it is possible that many computers have not yet installed the patch.
As a precautionary measure to limit further spread, Microsoft has already added the ransomware to the automatic detection and removal list in Windows Defender under the name Ransom:Win32.WannaCrypt.
Here are some ways you can stay safe.
1) Install the patches from Microsoft immediately
The patch should prevent the exploitation of the loophole in your system.
2) Update the virus database of Windows Defender
Since Windows Defender has already added the details of the ransomware, Defender would automatically remove it even if it reaches your machine.
3) Do not download attachments from emails without scanning them
For the ransomware to work, hackers need to download malicious software onto a victim's computer, after which the attack starts. Since most virus attacks come from email attachments and downloads from unknown sources, it is safest to avoid such activities.
4) Take a backup
As a precautionary measure, it is advised to take a complete backup of your PC, or at least of the very important files on your machine.
At the time of publishing, the bitcoin account shown in the ransomware window as a QR code has received over 3 lakh INR.
Read Kaspersky’s analysis of the ransomware here.