Malicious software called Ransomware Attacks has affected total 74 countries including india, heare is a guide How to Secure Yourself from WannaCry Ransomware Attacks. What is WannaCry which has affected thousands of computers globally, also known as WanaCrypt0r 2.0, WannaCry and WCry.
How does WannaCry Ransomware work?
WannaCry is a form of Ransomware that locks entire files on victim computer and also encrypts entire Files saved on victim computer in a way that user can not access them anymore.
How does WannaCry Ransomware spread?
Ransomware is a malicious program that gets into your computer, either by clicking on the wrong thing or downloading the wrong thing, and then it holds something you need to ransom. WannaCry is the malicious program this encrypts your entire files and demands some payment in bitcoin in order to regain access to your files.
Security experts warn there is no guarantee about the regain of access after payment on Ransomware Attacks. Some Ransomware encrypts files demanding more money after 1st payment and threatening users to delete files thoroughly.
Ransomware execute programs that can entirely lock your computer, only showing a message to make payment in order to regain access, and some ransomware programs creates difficult or impossible to close pop-ups.
Where WannaCry Ransomware Attacks spread?
“Looks to be targeting a wide range of countries”, with initial evidence of infections in 24 nations according to experts from three security firms. Said by British based cyber researcher Chris Doman.
The ransomware attack appeared in 8 Asian countries, 12 countries in Europe, Turkey and the United Arab Emirates and Argentina and appears to be sweeping around the globe, researchers said.
What is so special about WannaCry?
The WannaCry is not just a ransomware program, also it is a worm. Means that it gets into your computer and looks for other computers to try and spread it-self as far and wide as possible.
Ransomware has a habit of changing over time in order to find different ways to access other computers or to get around patches (operating system updates that often include security updates). Many security firms are already aware of WannaCry in past forms and most are looking at this one right now to see how it might be stopped.
Cyber security firms said WannaCry exploits vulnerability in Microsoft and that Microsoft patched this vulnerability in March. But users do not install updates and patches on their computers and so this means vulnerabilities can remain open a lot longer and make things easier for hackers.
Vulnerability in the Windows operating system believed to have been developed by the National Security Agency, which became public last month. It was among a large number of hacking tools and other files that a group known as the Shadow Brokers released on the Internet. Shadow Brokers said that they obtained it from a secret NSA server.
The exploit is known as EternalBlue, and the backdoor it uses on the system is known as DoublePulsar.
The identity of Shadow Brokers is unknown though many security experts believe the group that surfaced in 2016 is linked to the Russian government. The NSA and Microsoft did not immediately respond to requests for comment.
What are the preventive measures that can be taken on Ransomware Attacks?
Cyber security experts are scrambling to come up with a decryption too, there are currently no known ways of recovering the affected files. The Indian Computer Emergency Response Team (CERT-In) has put up a red alert advisory asking all system administrators and users to apply the security patches released by Microsoft to fix the vulnerability. Users are also advised to back up critical data, preferably in an air-gaped system or external hard drive that is not connected to LAN networks.
And users are advised to be careful while clicking links from unsolicited or unexpected emails. Be very careful and authenticate the source before enabling macros while using Microsoft Outlook. If a link has to be clicked, a safer option is to close the browser with the email account, or the software used to access the emails, and navigate to the web site directly from a fresh browser window. Updated antivirus software and enabling firewall are both highly recommended.