Ransomware works by infecting a computer, locking users out of the system (usually by encrypting the data on the hard drive), and then holding the decryption or other release key ransom until the victim pays a fee, usually in bitcoin.
WannaCry is a fast-spreading ransomware that exploits a vulnerability in Server Message Block 1.0 (SMBv1). The attack exploits Windows operating systems missing a security patch which was released by Microsoft in March of 2017.
The most common ways of installing the WannaCry malware are through clicking links in compromised emails and navigating to infected websites. The WannaCry ransomware, once opened by a single user on a computer network, is able to spread to many other machines on that network, vastly expanding the reach of the attack. So far, over 237,000 computers across 99 countries globally have been infected. The numbers continue to rise.
- Once a machine is compromised, WannaCry locks all files on the computer. The WannaCry ransomware requires victims to pay $300 in Bitcoins to get back control of their systems, along with a threat to double the price to $600. There’s no guarantee of getting the files back even after paying the ransom.
- WannaCry scans for other vulnerable computers connected to the same network, moving laterally and locking other machines for ransom. It also scans random hosts on the wider Internet, which lets it spread very quickly.
- On 5/13/17, a security researcher activated a “Kill Switch” to stop the original WannaCry ransomware from spreading further. (The switch was hard-coded into the malware in case the creator wanted to stop it spreading.)
- As of 5/14/17, multiple security researchers have claimed there are more samples of WannaCry, without any kill-switch function, continuing to infect unpatched computers worldwide. Several reports indicate a WannaCry 2.0 version has been released without any ‘kill-switch’ function. Therefore, patching of vulnerable systems is recommended.
• Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
• Microsoft Windows Server Core Installations 2008, 2008 R2, 2012, 2012 R2, 2016
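Added example (not part of the original advisory): the scanning behavior described above, where one infected machine tries SMB (TCP port 445) connections to many hosts on the local network and on the Internet, can be spotted in connection logs. The log format, addresses, window, and threshold below are constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict, deque

SMB_PORT = 445
WINDOW_SECONDS = 60       # assumed sliding window; tune for your network
MAX_DISTINCT_DESTS = 10   # assumed threshold: normal clients reach few SMB servers
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    """True if the address belongs to one of the private LAN ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    # Normal workstation: repeated connections to one file server.
    flows = [(t, "192.168.1.20", "192.168.1.5", 445) for t in (0, 20, 40)]
    flows.append((5, "192.168.1.20", "198.51.100.7", 443))  # web traffic, ignored
    # Constructed infected host: sweeps the LAN, then probes outside addresses.
    flows += [(i, "192.168.1.30", f"192.168.1.{100 + i}", 445) for i in range(1, 13)]
    flows += [(20 + i, "192.168.1.30", f"203.0.113.{i}", 445) for i in range(1, 6)]
    return flows

def find_smb_scanners(flows, window=WINDOW_SECONDS, threshold=MAX_DISTINCT_DESTS):
    """Return {src: {"internal": n, "external": m}} for every source that
    contacted more than `threshold` distinct hosts on TCP/445 within `window`
    seconds. Counts reflect the largest fan-out seen for that source."""
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still in window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop entries older than the window
            q.popleft()
        dests = {d for _, d in q}
        seen = alerts.get(src, {"internal": 0, "external": 0})
        if len(dests) > threshold and len(dests) > sum(seen.values()):
            ext = sum(1 for d in dests if not is_internal(d))
            alerts[src] = {"internal": len(dests) - ext, "external": ext}
    return alerts

if __name__ == "__main__":
    for src, c in find_smb_scanners(build_sample_flows()).items():
        print(f"{src}: {c['internal']} internal / {c['external']} external SMB targets")
```

A machine flagged this way should be disconnected from the network and checked for the missing patch before it is reconnected.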
RECOMMENDATIONS FOR HOME USERS:
• Patch your systems with Microsoft patch MS17-010 immediately.
• If you are using unsupported versions of Windows (including Windows XP, Vista, Server 2003 or 2008), Microsoft has released a patch for these operating systems. Apply the patch immediately.
• Keep your home computer’s operating systems patched and up-to-date. Utilize automatic updates to receive the latest Microsoft security patches.
• Use a reliable antivirus product and keep your antivirus signatures up-to-date.
• Create file backup copies on a regular basis and store the copies on storage devices that are not constantly connected to the computer.
• Be vigilant when it comes to email and Internet browsing behavior.
• Beware of phishing: Always be suspicious of uninvited documents sent via email. Do not click on links in emails or attachments from unknown or untrusted sources.