Largest ransomware infection WannaCrypt: Cause and Prevention

WannaCrypt (aka WannaCry) ransomware is spreading rapidly, affecting British hospitals, universities, airports and even companies such as FedEx, Telefonica and Airbus. The ransomware encrypts data on the computer and demands 0.3 to 1 bitcoin for access to the data. Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan being the top targets.
India was among the countries worst affected by the ransomware, according to the analysis by the security firm Kaspersky.
HeatMap Of WannaCry Spread
What is ransomware? Malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it.

How WannaCry works

WannaCry uses an exploit named EternalBlue to infect computers running versions of the Windows operating system. EternalBlue was first made public last month after Shadow Brokers released a bunch of exploits and hacking tools developed by the US NSA.
Once the ransomware infects your machine, it encrypts all the files on the machine and changes the file extension to ‘.WNCRY’. Only once this is done does the malware display a window that demands payment to access the data.
The display also contains two timers: one shows the time left to pay the demanded amount before it is increased, and the second shows the time left before the files are deleted completely.

WannaCry ransomware at Frankfurt Airport (Source: Twitter)

Microsoft had already released a patch for the EternalBlue exploit back in March, before Shadow Brokers made the NSA-developed vulnerability’s existence public. But it is possible that many computers will not yet have installed the patch.
As a cautionary measure to prevent more spreading, Microsoft has already added the ransomware to the automatic detection and removal list in Windows Defender under the name Ransom:Win32.WannaCrypt.
Here are some ways you can stay safe.

1) Update the patches from Microsoft immediately

The patch should prevent the exploitation of the loophole in your system.

2) Update virus database of Windows Defender

Since Windows Defender has already added the details of the ransomware, Defender would automatically remove it even if it reaches your machine.

3) Do not download attachments from emails without scanning them

In order for the ransomware to work, hackers need to download malicious software onto a victim’s computer, after which the attack starts. Since most virus attacks come from email attachments and downloads from unknown sources, it is safest to avoid such activities.

4) Take a backup

Just as a precautionary measure, it is advised to take a complete backup of your PC or at least of the very important files on your machine.
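The ‘.WNCRY’ extension described above and the backup from step 4 can be combined into a quick triage after an infection. The following Python script is an added example, not part of the original post: it lists every file carrying the extension and checks which originals are present in a backup listing. It assumes the marker is appended to the original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

MARKER_EXT = ".wncry"  # extension named in the article; matched case-insensitively


def find_encrypted(root):
    """Return {directory: [original file names]} for every *.WNCRY file under root.

    Assumption: the marker is appended, so 'a.docx.WNCRY' was 'a.docx'.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == MARKER_EXT and stem:
                hits.setdefault(dirpath, []).append(stem)
    return hits


def restore_plan(root, backup_names):
    """Split affected files into those the backup holds and those it does not.

    backup_names: set of '/'-separated paths, relative to root, found in the backup.
    """
    restorable, missing = [], []
    for dirpath, stems in find_encrypted(root).items():
        for stem in stems:
            rel = os.path.relpath(os.path.join(dirpath, stem), root)
            rel = rel.replace(os.sep, "/")
            (restorable if rel in backup_names else missing).append(rel)
    return sorted(restorable), sorted(missing)


def build_sample_tree(root):
    """Constructed sample data: empty files standing in for a user's documents."""
    for rel in ("docs/report.docx.WNCRY", "docs/notes.txt",
                "pics/cat.jpg.wncry", "pics/dog.png.WNCRY"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        ok, lost = restore_plan(tmp, {"docs/report.docx", "pics/cat.jpg"})
        print("restore from backup:", ok)
        print("not in backup:", lost)
```

Files reported as not in the backup are the ones a more complete backup would have covered.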
BitCoin Account Transaction
At the time of publishing, the bitcoin account shown in the ransomware window as QR code has received over 3 lakh INR.
Read Kaspersky’s analysis of the ransomware here.
Varun is a Software Developer by profession and blogger by passion. He likes to talk about technology and things on the internet that make life easy.
