WannaCry: What You Need to Know About This Ransomware

Sameeratakhtani
4 min read · Jan 9, 2021

It has been rated as the worst ransomware attack in history. Here we explain what you need to know about WannaCry to protect yourself or recover your files …

On May 12, a massive ransomware cyberattack called WannaCry spread across the web, encrypting the data files of its victims in more than 150 countries. This extortion malware has reached thousands of people and large institutions around the world, such as FedEx or the National Health Service of Great Britain, Telefónica, the French car manufacturer Renault and even the state police of India.

Encrypted computers display ransom notes demanding hundreds of dollars in Bitcoin with no guarantee of unlocking the files.

How is WannaCry spread?

WannaCry's incredible speed surprised everyone: it spread to hundreds of thousands of computers in just a few hours. That speed and reach are explained, in large part, by two factors that we detail below.

First, unlike common ransomware that spreads via infected websites or email attachments, WannaCry also incorporates elements of a worm. Computer worms are not transmitted by infecting files, as viruses are, but through networks, where they look for vulnerabilities in other connected computers. Thus, once WannaCry had infected one computer on a network, it progressively managed to infect the rest.

Second, the WannaCry worm uses an exploit allegedly created by the US National Security Agency (NSA) and leaked to the public by the hacking group The Shadow Brokers. The exploit targets a vulnerability in the Windows Server Message Block (SMB) protocol that devices use to communicate on a shared network. Specifically, the worm looked for any PC that had SMB’s TCP port 445 accessible.
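The worm behaviour described above (one infected machine probing many peers on TCP port 445) leaves a recognisable pattern in connection logs. The following detection sketch is an added example, not part of the original article; the log format, the sample lines, the 60-second window and the threshold of 5 peers are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)  # assumed look-back window
THRESHOLD = 5                   # assumed: distinct peers before alerting
# Constructed sample, oldest first: "<time> <src> <dst> <dst_port> <action>"
SAMPLE_LOG = """\
2021-01-09T10:00:00 10.0.0.8 10.0.0.2 445 ALLOW
2021-01-09T10:00:01 10.0.0.5 10.0.0.20 445 ALLOW
2021-01-09T10:00:02 10.0.0.5 10.0.0.21 445 DENY
2021-01-09T10:00:03 10.0.0.5 10.0.0.22 445 DENY
2021-01-09T10:00:04 10.0.0.9 10.0.0.30 443 ALLOW
2021-01-09T10:00:05 10.0.0.5 10.0.0.23 445 ALLOW
2021-01-09T10:00:06 10.0.0.8 10.0.0.2 445 ALLOW
2021-01-09T10:00:07 10.0.0.5 10.0.0.24 445 DENY
truncated line
2021-01-09T10:00:09 10.0.0.5 10.0.0.25 445 ALLOW
"""

def parse_line(line):
    """Return (time, src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def find_smb_fanout(log_text, window=WINDOW, threshold=THRESHOLD):
    """Map each flagged source to its peak count of distinct port-445 peers."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs inside the window
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[3] != SMB_PORT:
            continue
        when, src, dst, _ = rec
        q = recent[src]
        q.append((when, dst))
        while when - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_smb_fanout(SAMPLE_LOG))
```

A client that talks to a single file server repeatedly (10.0.0.8 in the sample) is not flagged, because the check counts distinct destinations rather than connections.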

Until it was leaked, this security hole was unknown to the world (a zero-day threat), and Microsoft was only able to publish the corresponding patch in March. However, millions of users still do not install the patches, and the old versions of Windows that Microsoft has discontinued received no update notice. Since then, Microsoft has released patches for even the oldest systems; if you have Windows 8 or an earlier version, you should install these as soon as possible.

Now that Pandora’s box has been opened, I do not doubt that new varieties of this ransomware will appear.

Who was affected?

The countries most affected, according to our data, are the following (in order): Russia, Ukraine, Taiwan, India, Brazil, Thailand, Romania, the Philippines, Armenia, and Pakistan. More than half of the attempted attacks that we recorded were in Russia.

Large institutions were also hit hard, particularly hospitals and other public services. Many of these entities use obsolete systems to carry out their activities and have no possibility of updating them.

Many home users had not installed the security patches released in March. Older versions of Windows that Microsoft no longer supports weren’t even able to install security patches until the weekend the attack occurred.

Is my PC at risk of a WannaCry attack?

If you have a Windows computer, you are potentially vulnerable to this ransomware. Here are some tips that you should follow immediately to ensure your protection:

1. Update the Windows operating system with the latest security patches.
Microsoft released Windows security updates for this vulnerability when the group The Shadow Brokers leaked it in March. The bug is so serious that Microsoft even published security patches for versions of Windows that it no longer supports, such as Windows XP and Vista (you can see them here).

However, millions of users have ignored these updates. Do not be one of them.

2. If you have not done so already, install an updated antivirus
The exploit the NSA had created was quickly repurposed to cause harm, so relying solely on Microsoft’s security patches is not enough. A new variety is likely already on the way. A good antivirus program that includes anti-ransomware capabilities is essential to detect the ever-evolving threat of ransomware.

3. Start backing up your PC
If you’re like most people, you’ve probably been given this advice and ignored it, but with the low prices of external hard drives and the ease of backing up, there’s no excuse not to follow it. Making a backup copy a week is more than enough in most cases and it can save you a lot of headaches in case the PC becomes infected.

4. Beware of phishing links and emails
Although the worm component contributed to WannaCry’s spread, it used phishing emails and fraudulent links as an entry point. Please review emails and links carefully before clicking on them. Not sure what to look out for? Here is a simple test to find out.

Does antivirus block WannaCry?

Yes. All Protegent360 security products detect WannaCry ransomware. Protegent360 antivirus software goes even beyond the detection of normal code signatures and looks at the actual behavior of installed applications. So even if you don’t know what the next strain will be like, you will know how to stop it when you see it kick in.
