WannaCry ransomware, also known as WanaCryptor 2.0, is a ransomware program targeting Microsoft Windows. It was detected this Friday and is one of the most widely spreading ransomware programs in the world, hitting users and organizations including the NHS (British National Health Service) in England, Telefonica in Spain, FedEx in the USA, the Interior Ministry of Russia and academic institutes in China.
Breaking it down.
Ransomware is a program run by a group of remorseless hackers that takes control of computers and blocks access to them until the demanded ransom is paid. In the case of WannaCry, the ransom is demanded in bitcoins. It displays a message on the screen and blocks all access to your files by encrypting them. Simple ransomware can be reversed by professionals. However, it is highly difficult and challenging to do so with a complex one like WannaCry. The exploit it uses is termed EternalBlue.
Why should the common man worry?
The ransomware has been spreading very fast and has already affected 150 countries within 2 days. It had affected 11 countries in less than the first two hours. WannaCry has not specifically targeted the organisations that were affected, which means that it could be random, and this is what the common man should be aware of. Ransomware might enter the computer when users download the wrong files, through a vulnerability in a network service, or through malicious email attachments. The ransomware can encrypt a wide range of file types, including the ones with the following extensions: .txt, .doc, .pem, .der, .zip, .gif, .raw, .sch, .avi, .wks, .123, .fla, .cmd, .vcd, .jpeg, .mp4, .ps1, .dip, .3gp, .PAQ, to name only a few.
What actually happens when a computer is attacked?
All the files on the computer are encrypted by the malicious software, leaving only two things open to the user: a set of instructions on what has to be done next, as a .txt file named ‘!Please Read Me.txt’, and a window demanding the ransom. The window's content essentially says that all files on the computer will be deleted if the user fails to pay the ransom within a certain amount of time, which adds to the psychological pressure. The ransom demanded is often between 0.3 and 1 bitcoin, which amounts to 28,000 to 1,00,000 Rupees.
The WannaCry ransomware attack was detected this Friday, the 12th of May 2017, and by the weekend it was reported to have affected around 2,30,000 computers in 150 countries. It began in Russia and spread to Ukraine, Taiwan and other countries. This is huge.
If your computer is attacked, DO NOT pay the ransom, as that would only encourage the hackers. That leaves a question in many readers’ minds that cannot go unaddressed: ‘How is the data to be protected otherwise?’
Security evangelists suggest that the best strategy for protecting your data is prevention and backup, and the Indian Computer Emergency Response Team is doing its part to help us stick to that strategy. In view of the high damage potential of the ransomware, a webcast has been arranged to create awareness among users and organizations on the 15th of May from 11 AM at http://webcast.gov.in/cert-in/. Tune in to the link for further in-depth information regarding the ransomware and its prevention measures. It will only take 20-25 minutes to watch the video and protect your systems. Beware, be protected.
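The ransom note name and the file extensions listed above can drive a quick triage pass. The following is an added example, not part of the original article: it walks a directory tree, reports folders that contain ‘!Please Read Me.txt’, and counts files with the listed extensions in the remaining folders as candidates for immediate offline backup. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article: the ransom note name and the extensions it lists.
NOTE_NAME = "!Please Read Me.txt"
TARGETED_EXTS = {".txt", ".doc", ".pem", ".der", ".zip", ".gif", ".raw", ".sch",
                 ".avi", ".wks", ".123", ".fla", ".cmd", ".vcd", ".jpeg", ".mp4",
                 ".ps1", ".dip", ".3gp", ".paq"}


def triage(root):
    """Return (note_dirs, at_risk).

    note_dirs: folders (relative to root) that contain the ransom note.
    at_risk:   extension -> file count in folders where no note was found.
    """
    note_dirs, at_risk = [], {}
    for dirpath, _subdirs, files in os.walk(root):
        lowered = [name.lower() for name in files]  # Windows names are case-insensitive
        if NOTE_NAME.lower() in lowered:
            note_dirs.append(os.path.relpath(dirpath, root))
            continue  # folder already shows the note; subfolders are still walked
        for name in lowered:
            ext = os.path.splitext(name)[1]
            if ext in TARGETED_EXTS:
                at_risk[ext] = at_risk.get(ext, 0) + 1
    return sorted(note_dirs), at_risk


def run_demo():
    """Build a constructed sample tree (not real incident data) and triage it."""
    layout = {
        "finance": ["!Please Read Me.txt", "q1.doc"],
        "photos": ["a.jpeg", "b.JPEG", "notes.txt"],
        "tools": ["run.ps1", "readme.md"],
    }
    with tempfile.TemporaryDirectory() as base:
        for folder, names in layout.items():
            os.makedirs(os.path.join(base, folder))
            for name in names:
                open(os.path.join(base, folder, name), "w").close()
        return triage(base)


if __name__ == "__main__":
    affected, backup_first = run_demo()
    print("Folders with ransom note:", affected)
    print("Files to back up first, by extension:", backup_first)
```

Run it against a mounted copy or a file share from a clean machine rather than on a host suspected of infection.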