Unfortunately, this weekend didn’t bring good vibes for a lot of us! The world witnessed one of the biggest cybercriminal attacks, holding thousands of systems as hostage and covering major parts of the globe.
Banks, telephone companies and hospitals have all been ensnared in this worldwide Ransomware attack dubbed as ‘WannaCry’, a malware which locks down computers while demanding a hefty sum for freedom. By the end of Friday, when initial strains of WannaCry were detected, hundreds of thousands of computers were already affected with millions worth of data compromised.
Understanding WannaCry Ransomware
WannaCry or WanaCrypt0r 2.0, is a Ransomware program targeting Microsoft Windows. On Friday, this large cyber-attack occurred infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin in 28 languages. The attack spreads by multiple methods, including phishing emails and on unpatched systems as a computer worm.
If you get infected by this virus, then by the time you’ll open your system all your documents might have been encrypted. Unless you pay the ransom in a couple of days, your data will be erased. It demands ransom in the form of Bitcoin currency and gives an entire guideline along with it, including how to buy it, and Bitcoin address where you need to send in the amount.
No wonder why the cyber villains preferred bitcoin currency as a payment method, it is decentralized, unregulated and almost impossible to trace!
The Second Wave of Cyber Attacks has Begun
A glimpse of WannaCry Infection map. And the numbers are rising!
This Ransomware assault has hit many PCs crosswise over China, Russia, Spain, Italy and Vietnam, however some hospitals in England have pulled prime attention since thousands of lives remain at risk while systems were locked down.
Who Was Behind the Attack and What Was Their Motivation?
The hack remains unknown till yet, however it is widely accepted that the hackers used the ‘Eternal Blue Hacking Weapon’ created by America’s National Security Agency (NSA) to gain access to Microsoft Windows computers used by terrorist outfits and enemy states.
Although Microsoft had provided a patch for the software several months ago, not everyone updated their systems, which led to the vulnerabilities that the still-anonymous hackers exploited.
It Gets Worse!
According to security researchers, the Ransomware encrypts data files and asks users to pay a bitcoin ransom of $300, which doubles if payment isn’t made after three days. After a week, the encrypted files will be deleted.
How to Protect Yourself from WannaCry Ransomware?
As Ransomware is a lucrative business, the frequency of such attacks is only going to rise with each passing day.
“The ransomware is spread by taking advantage of a Windows vulnerability that Microsoft (MSFT, Tech30) released a security patch for in March. But computers and networks that hadn’t updated their systems were still at risk,” as reported in CNN Tech.
First things first, do ensure that you have the latest version of antivirus installed on your system. in addition, take a look ate Microsoft’s latest security updates for Windows SMB server. You can learn more about enabling and disabling Server Message Block (SMB) here.
Additionally, refer to Microsoft’s official guidelines on how you can protect yourself from WannaCry Ransomware, hoping you have not been infected already.
Alternatively, the following ‘workarounds’ might be of some help to you as well.
For customers running Windows Vista and later
See Microsoft Knowledge Base Article 2696547.
Alternative method for customers running Windows 8.1 or Windows Server 2012 R2 and later
For client operating systems:
- Open Control Panel, click Programs, and then click Turn Windows features on or off.
- In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.
- Restart the system.
For server operating systems:
- Open Server Manager and then click the Manage menu and select Remove Roles and Features.
- In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
- Restart the system.Impact of workaround.
The SMBv1 protocol will be disabled on the target system.
How to undo the workaround.
Retrace the workaround steps, and select the SMB1.0/CIFS File Sharing Support check box to restore the SMB1.0/CIFS File Sharing Support feature to an active state.
But How do I Avoid Getting Infected by Ransomware in the First Place?
You can’t ‘avoid’ attacks per se because Ransomware keeps evolving and figuring out new ways to infect systems. But what you can do is to keep a backup of your data which means you won’t lose anything even if you are infected. Also, if you have a backup you don’t need to pay ‘ransom’ to get your own data back.
You can also ensure overall protection from any kind of malware/ransomware attack with the aid of the following steps:
- First and most importantly, as Email is one of the main infection methods, DO NOT open any suspicious email link or attachment.
- Deploy an effective security software to reduce the attack surface.
- Try and avoid working on Windows Vista, XP or any older versions.
- Back up all your important data to combat Ransomware infection so that even if cyber criminals get a hold on it, you won’t have anything to lose. One such nifty tool is Ransomware Protector, a simple and secure cloud storage solution which safeguards all your valuable data.
- Update your Operating system and all other software to its latest version.
- Do Not pay the Ransom as there’s no guarantee that even after paying the ransom you’ll get your data back.
Follow these guidelines to stay ahead of their vicious schemes.
Privacy is one valuable asset, be Safe…