WannaCry Ransomware Attack: A Breakdown

posted by: Blog Author; date: May 18, 2017; category: All, Malware

What is it?

A global epidemic, WannaCry Ransomware is a type of malware that has recently attacked victims across all industry sectors, including hospitals across the UK, police departments in India, car factories in France (like Renault and Nissan) and universities in China.

Ransomware, a growing trend, is when hackers encrypt the files on your computer and will not release them unless you pay a ‘ransom’. WannaCry Ransomware, also known as “WannaCrypt”, “Wana Decryptor” or “WCry”, has affected more than 200,000 computers across 150 countries, predominantly targeting computers running older versions of Microsoft Windows, such as Windows XP and Windows 8, that have not recently been patched.

How does it work?

Businesses with computer networks (such as hospitals and departments with multiple computers) have been highly targeted and are most at risk. This is due to the use of Server Message Block (SMB), which Windows uses to share files within networks, allowing the ransomware ‘worm’ to easily spread and infect an entire business. WannaCry Ransomware is initially sent via an email or as an attachment to download. Once deployed, it encrypts the data on the infected computer and demands payment in bitcoin for the files to be unlocked or decrypted.

A month prior to this attack, a similar ransomware campaign against Microsoft was released, in response to which Microsoft patched the software with an update to protect computers against a further attack. Unfortunately, not all computers were updated.

What does this mean for Aussies?

There have been three reports of this attack here in Australia, and there are fears there could be more as people return to work after the weekend. Currently, Australia suffers a loss of $1 billion to ransomware attacks. Luckily, as this attack hit other parts of the world first, we have had the ability to understand the risk and start preparing ways to protect ourselves.

How to prevent an attack?

A ‘kill switch’ was inadvertently discovered by a 22-year-old security researcher from England, known as MalwareTech, who registered a domain name to stop the worm from spreading. However, fears surrounding the WannaCry Ransomware are that an updated version will be generated with a bug fix that does not contain this ‘kill switch’ feature. People should be on high alert for a repeat attack and begin securing and updating software to avoid being targeted. Due to the success of this outbreak over the weekend, copycat criminals are likely to try imitating this type of attack. Below are some ways to prevent a WannaCry Ransomware attack:

  • Install the latest Windows patch: Microsoft released Security Bulletin MS17-010, which patched the vulnerability, in March, and has also released a separate patch for users of older operating systems such as Windows XP and Windows 8. Check which versions of Microsoft Windows are still supported by the company and have patches available. Windows XP has not been supported by Microsoft for a long time and is therefore an easy target for criminals. However, Microsoft kindly released an out-of-band patch for unsupported operating systems such as Windows XP and Server 2003, so users can install a patch rather than having to attempt upgrades to a newer system in order to be secured against this worm.
  • Do not pay the ransom: there is no guarantee that paying the ransom stipulated by the criminals will release the files and get rid of the virus from your computer. Do not be tempted to pay, even when there are warnings that the ransom will double within hours. The WannaCry ransom started at $US300. Paying the ransom funds the criminals to attack further, including other computers.
  • Provide security training: internal employees, customers and anyone related to the business should be aware of the threat and receive regular security training to spot unusual emails. Criminals rely on the naivety of individuals to fall for the attack.
  • Stay away from files with extensions such as “.exe,” “.vbs” and “.scr.” By enabling the “Show file extensions” option on your Windows computer, these files will be easier to see and identify as malicious.
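
The last tip can also be checked automatically on attachment names before they reach a user. The sketch below is an added example, not code from the original post. It flags the three extensions named above and marks a name as "disguised" when hiding extensions would make it look like a document (for instance a name ending in ".pdf.exe"). The decoy extension list, function names and sample filenames are assumptions constructed for illustration.

```python
import os

# Extensions the article names as risky; extend the set to match local policy.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}

# Assumed list of document-like extensions used to spot a decoy inner extension.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_attachment(filename):
    """Return (verdict, displayed_name) for one attachment filename.

    verdict is "disguised" when the real extension is risky and the name would
    look like a document once the extension is hidden, "risky" when the real
    extension is risky, otherwise "ok". displayed_name is what a user sees
    when "Show file extensions" is turned off.
    """
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    stem, ext = os.path.splitext(name)
    if ext.lower() not in RISKY_EXTENSIONS:
        return "ok", name
    # With extensions hidden, only the stem is displayed to the user.
    inner_ext = os.path.splitext(stem)[1].lower()
    if inner_ext in DECOY_EXTENSIONS:
        return "disguised", stem
    return "risky", stem


def triage(filenames):
    """Return only the flagged names as {filename: verdict}."""
    flagged = {}
    for filename in filenames:
        verdict, _ = classify_attachment(filename)
        if verdict != "ok":
            flagged[filename] = verdict
    return flagged


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real incident.
    sample = ["invoice.pdf", "Invoice.PDF.exe", "setup.exe",
              "notes.txt", "photo.jpg.scr ", "macro.VBS"]
    for name, verdict in triage(sample).items():
        print(f"{verdict:10} {name!r}")
```

Names flagged as "disguised" are the ones that the “Show file extensions” setting makes visible to the user.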

WannaCry Ransomware has been one of the biggest attacks in history and is still an escalating threat due to vulnerabilities in older Microsoft Windows versions and the lack of individual user awareness. Due to the success of this attack in targeting top businesses and its fast infection rate, this attack could be easily replicated and repeated. Taking steps such as installing the latest patches for your computer operating system and conducting security awareness training for your staff can help protect you from falling victim to this attack.