On Friday, the cyber world heard the startling news that a new ransomware had started doing the rounds on the web. At first, the news was that it had taken over the National Health Service in Britain. But the attack then turned out to be a massive one, which encrypted files on tens of thousands of computers all over the country.
Everything about WannaCry Ransomware Attack
Below, you will find out all the information about WannaCry attack under different headings.
How does WannaCry Ransomware Take Over Your System?
Security experts believe that WannaCry ransomware uses the EternalBlue exploit developed by the United States' NSA, which built it to attack Windows computers for its own internal purposes. EternalBlue exploits a vulnerability in Windows' implementation of the SMB (Server Message Block) protocol.
Once Microsoft learned of the vulnerability, it released a patch that fixes it and rules out the chances of exploitation. Even though the update went live about two months ago, on March 14, not many installed it. That's one of the main reasons WannaCry got access to an enormous number of computers.
The ransomware can get to your computer from an email attachment or as a worm on unpatched systems.
What does the Ransomware do to Your System?
Just like any other ransomware, WannaCry encrypts all your files (but with a unique extension, .wncry). Once that happens, you cannot access them unless you enter the correct key. There is no way for us to know the secret key. So, the other way, the one the attackers suggest, is paying the money they demand. The ransomware demands $300-600 to release your files.
We can't say for sure that the files will be decrypted once you pay the ransom.
The Impact of the Attack
The ransomware attack grew huge within a few days. Along with the computers in National Health Service hospitals in England and Scotland, the ransomware took over the devices of several companies such as FedEx, Telefónica, Deutsche Bahn, LATAM Airlines, etc.
Even in India, the ransomware found its way into the servers of BSNL. We haven't faced much of a loss, though.
The impact would have been bigger if a security researcher hadn’t found the kill switch of the ransomware. Reports then came out on the release of WannaCry 2.0.
How to Stay Safe from WannaCry Ransomware?
You know prevention is better than cure. In order to stay safe, you can follow the steps given below.
- Update your operating system to the latest version. In case you don't want to do that, you can manually download the MS17-010 patch, which closes the loophole.
Microsoft has rolled out security patches for older systems too (XP and Server 2003 R2).
- WCrypt uses SMB ports to sneak into any system. Given that ordinary users do not need these ports (135 and 445), you can close them. For that, open Command Prompt as an administrator and run the following commands.
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"
- You can also rule out the possibility of getting exposed to the vulnerability by disabling SMBv1 support.
dism /online /norestart /disable-feature /featurename:SMB1Protocol
You can use the above command to do that.
- Avoid downloading attachments in emails from unknown contacts. Make sure you are not downloading any executable files (.exe files) as email attachments.
- Consider using an antivirus on your Windows PC to remain protected from ransomware attacks.
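To confirm that the firewall and SMBv1 steps above actually took effect, the following PowerShell audit can be run from an elevated prompt. It is an added example, not part of the original article; the function names are hypothetical, and it assumes Windows 8 / Server 2012 or later, where the NetSecurity, NetTCPIP and Dism cmdlets are available.

```powershell
# Added example (not from the original article): audits the mitigations above.
# Assumption: elevated PowerShell on Windows 8 / Server 2012 or later.

function Test-InboundTcpBlocked {
    param([Parameter(Mandatory)][int]$Port)
    # Look for an enabled inbound Block rule whose TCP port filter names $Port.
    # Assumption: exact port entries only; ranges such as "400-500" are not parsed.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
                 -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and @($filter.LocalPort) -contains "$Port") {
            return $true
        }
    }
    return $false
}

function Test-TcpListening {
    param([Parameter(Mandatory)][int]$Port)
    # True when a local service still listens on the port.
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen `
                     -ErrorAction SilentlyContinue
    return [bool]$listeners
}

# One row per port named in the netsh commands above.
$report = @(foreach ($port in 135, 445) {
    [pscustomobject]@{
        Check  = "Inbound TCP $port blocked by a firewall rule"
        Passed = Test-InboundTcpBlocked -Port $port
        Detail = "listening locally: $(Test-TcpListening -Port $port)"
    }
})

# The dism command above uses /norestart, so the feature only reaches the
# 'Disabled' state after a reboot; any other state is reported as a failure.
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
$report += [pscustomobject]@{
    Check  = 'SMB1Protocol feature disabled'
    Passed = ($smb1.State -eq 'Disabled')
    Detail = "state: $($smb1.State)"
}

$report | Format-Table -AutoSize
```

A row with Passed set to False for SMB1Protocol right after running the dism command usually means the machine has not been restarted yet.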
You know prevention is better than cure. And, there’s no guarantee that you will get your files back even after you pay them. So, do everything to prevent the ransomware from getting into your computer.