Why self-propagating encrypted ransomware "WannaCry" is dangerous and how to prevent infection.
A few days ago, the outbreak of encrypted ransomware "WannaCry" began. Its scale is seen as global, and we have observed 45,000 attacks in just one day. The actual number of attacks will definitely exceed this number.
What happened
Several large organizations reported the infection all at once. Among them, several hospitals in the UK have had to suspend surgery. WannaCry has reportedly infected more than 100,000 computers, and its size is drawing attention.
Most of the attacks have taken place in Russia, but Ukraine, India, and Taiwan have also been hit by WannaCry. We found WannaCry in 74 countries, and that figure covers only the first day of the attack.
WannaCry: Exploit and spread
After successfully compromising a computer, WannaCry spreads to other computers on the local network, much like a computer worm. When it finds a computer with the same vulnerability, it infects that machine using the EternalBlue exploit and encrypts the files on it.
When one computer is infected, WannaCry can spread the infection throughout the LAN and encrypt all the computers on that network. That's why large companies are suffering from WannaCry attacks. The more computers you have on your network, the greater the scale of damage.
WannaCry: Encrypted ransomware
As encrypted ransomware, WannaCry behaves like any other: it encrypts files and demands a ransom in exchange for decryption. It is very similar to a variant of the ransomware "CryptXXX" that raged last spring. WannaCry is also sometimes called "WCrypt" or "Wanna Decryptor"; despite the name "Decryptor", it only performs encryption and has no decryption function.
WannaCry encrypts different types of files. Office documents, images, videos, compressed files, and other file formats that may contain important user data are affected (see here for all file formats). Encrypted files have a ".WCRY" extension (the name WannaCry comes from here) and can't be opened.
After encryption, the desktop wallpaper is changed to an image that announces the infection and tells the victim what action to take. In addition, a text file with the same text is placed in each folder on the computer so that the infected person is sure to notice the message.
As with most ransomware, the ransom is to be paid in Bitcoin, after which all the files are supposedly decrypted. Initially, the ransom was $300, but it was later raised, and the latest version of WannaCry demands $600.
The message also threatens that the ransom will increase in three days and that the files will no longer be decryptable after seven days. There is no guarantee that the files will be decrypted just because you paid the ransom, and we do not recommend paying. In fact, ransomware has been reported in the past that simply deleted the files and then demanded a ransom (that is, the files could not be decrypted at all).
To protect yourself from WannaCry
Unfortunately, there is currently no way to decrypt files encrypted by WannaCry (we are currently working on it). Therefore, the best bet is to prevent infection.
To prevent infection and minimize damage, please refer to the following.
- Install security updates for your software. If you are using Windows, be sure to install the security update for MS17-010. Security updates are also available for operating systems that are no longer officially supported, such as Windows XP and Windows Server 2003. Install them now.
- Make regular backups of your files and store them on a storage device that you wouldn't normally connect to your computer. If you have a recent backup, you can recover even if you are infected with encrypted ransomware (although it will take some time to recover).
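To scope the damage before restoring from backup, the ".WCRY" extension described above can be used to list affected folders and the files to restore. The script below is an added example, not part of the original article; the function names, the sample folder layout, and the assumption that ".WCRY" is appended to the original file name are all constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".wcry"  # extension reported in the article, matched case-insensitively


def triage(root):
    """Return {relative_dir: {"encrypted": [...], "intact": [...]}} for hit folders."""
    report = {}
    for dirpath, _dirs, filenames in os.walk(root):
        encrypted, intact = [], []
        for name in sorted(filenames):
            is_hit = os.path.splitext(name)[1].lower() == ENCRYPTED_EXT
            (encrypted if is_hit else intact).append(name)
        if encrypted:  # only folders holding at least one .WCRY file are reported
            rel = os.path.relpath(dirpath, root)
            report[rel] = {"encrypted": encrypted, "intact": intact}
    return report


def restore_list(report):
    """Original paths to pull from backup. Assumes .WCRY was appended to the
    original file name (an assumption for this example)."""
    paths = []
    for directory, entry in sorted(report.items()):
        for name in entry["encrypted"]:
            original = name[: -len(ENCRYPTED_EXT)]
            paths.append(os.path.normpath(os.path.join(directory, original)))
    return paths


def build_sample_tree(root):
    """Constructed sample data: empty files laid out like an affected share."""
    layout = {
        "finance": ["q1.xlsx.WCRY", "q2.xlsx.wcry", "notes.txt"],
        "photos": ["cat.jpg"],
        os.path.join("hr", "archive"): ["staff.docx.WCRY"],
    }
    for directory, names in layout.items():
        os.makedirs(os.path.join(root, directory), exist_ok=True)
        for name in names:
            open(os.path.join(root, directory, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in restore_list(triage(tmp)):
            print("restore from backup:", path)
```

Run it against a read-only mount or a copy of the affected volume, with `triage()` pointed at the share root instead of the sample tree.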