New Delhi, May 16: The whole world has been gripped in the shackles of the “WannaCry” syndrome! Hold on, for some people this is a new concept. The whole world is reeling under a ‘Global Cyber Attack’. Let us look at it in detail: What is “WannaCry”? Why is it so hyped?
What is “WannaCry” ransomware?
“WannaCry” ransomware encrypts most of the user files on a Windows PC with virtually unbreakable encryption. A message is posted on the computer's screen informing the user that they must pay a ransom, usually about $300, in the online cryptocurrency Bitcoin. “WannaCry” is a ransomware module that uses a Windows exploit leaked by the ‘Shadow Brokers’ in April this year, purportedly as part of a set of tools used by the US National Security Agency (NSA) to spy on targets.
From where did it originate?
The first version appeared a few months ago and spread via phishing emails, which require the recipient of the email to open an attachment before the malware can try to infect a computer. This new version spreads much faster. It incorporates ‘ETERNALBLUE’, a software exploit (a method of punching through a piece of software's security) that was developed years ago by the U.S. National Security Agency (NSA). In April, a group called the ‘ShadowBrokers’ posted the source code for ‘ETERNALBLUE’.
How does it affect computers?
The cyberattacks started Friday and spread rapidly around the globe using a security flaw in Microsoft’s Windows XP operating system, an older version that is no longer given mainstream tech support by the US giant. The malware, known as “WannaCry”, locks access to user files and in an on-screen message demands payment of $300 in the virtual currency Bitcoin in order to decrypt the files.
Once WannaCry worms its way into a system, it encrypts the data and then exploits a vulnerability in Microsoft’s Server Message Block (SMB) protocol to spread the infection. While ransomware is usually considered a rudimentary attack tool, this particular version was supercharged by its creators using secrets leaked from the NSA’s spy book. This is why it was so effective, shutting down hundreds of thousands of computers across the US, Europe, and even India, apart from others.
"Paying the ransom does not guarantee the encrypted files will be released," the U.S. Department of Homeland Security's Computer Emergency Readiness Team said in an advisory Friday. "It only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed."
Impact of “WannaCry”
WannaCry ransomware had been noted earlier by experts. Its presence has been noted in 150 countries. Among the 10,000 organizations affected are Britain's National Health Service, the U.S.-based courier FedEx, automaker Renault in France and Spain's largest telecom operator.
What can you do to prevent infection from “WannaCry”?
The most important thing you can do is install the system updates marked as important in Windows Update. To do so, open the start menu, type "windows update" into the text prompt, and select Windows Update from the results. Then, follow the on-screen instructions to install updates.
As mentioned above, Microsoft has also released patches for Windows XP and Windows 8, but it's possible that Windows Update on those machines may not have access to the patches. If so, you can download the patches manually using the links at the bottom of this Microsoft security advisory.
A security researcher going by the name MalwareTech was attempting to reverse-engineer “WannaCry” on Friday, in order to understand it, when he noticed a bit of code in the module that instructed it to check whether a bogus URL was live. Curious to find out why the ransomware’s creators had put that in, he registered the domain name himself for about $10. What happened next astounded him, as he managed to single-handedly shut down the spread of the malware.