AMP AMP

Wannacry attack is far from over – Experts

ransom

Last week the whole world witnessed the ugly effects of the wannacry, a ransomware attack which halted many hospitals, universities and businesses globally. When the entire world was thinking that anything worse than this is least likely to happen, the opinions from several experts proclaiming that the ransomware is just an appetizer and the main course is yet to be served, ignited everyone’ s fear.

" That was just a big warning," says Rick McElroy, a security strategist at Carbon Black, one of the top agencies that develops endpoint cybersecurity software to detect malicious behavior. " If you weren' t impacted by this one, something is going to come down the pike that' s more advanced that you’ re probably not prepared for. So start to build your defenses today to get out in front of this stuff,” he further added.

Various sources speculate that this attack may open new doors for cybercriminals who are likely to attempt to profit from this and similar vulnerabilities.

The whole online turmoil started last week when the hackers hatched the Wannacry ransomware, also referred as called Wana Decryptor, WanaCrypt or WCry. The spiteful ransomware used the tools discovered in leaked documents from the National Security Agency (NSA) to compromise a file-sharing protocol in older Microsoft programs. What followed as a ransom message which appeared on all the compromised computers, the message demanded $300 in bitcoin for the code to unlock computers.

Although Microsoft issued a patch in March that protected newer Windows systems, a majority of the infections occurred on unsupported Windows XP systems still widely used in health care, academia, businesses and on home computers, stated Microsoft President Brad Smith on the company blog post. “ We take every single cyber-attack on a Windows system seriously, and we’ ve been working around the clock since Friday to help all our customers who have been affected by this incident,” Smith wrote. Microsoft also reversed its policy to now support users with older systems.

FAQ
Q
How did WannaCry spread?
A
The rapid spread of the malware Friday, and the lack so far of any samples of phishing emails specific to this attack, indicate that WannaCry may be a computer worm, spreading throughout the world without human assistance.
Q
How does WannaCry work?
A
Once inside a business or organization's network, WannaCry uses the ETERNALBLUE exploit to leverage a flaw in Microsoft's Server Message Block (SMB) protocol. It will spread to any connected Windows PC that has not been updated to guard against ETERNALBLUE.
Q
What to do if I’m infected by WannaCry?
A
If your computer is already infected, it may be too late, but here’s what the experts recommend. First, do not click on “decrypt” or “check payment.” Paying the ransom doesn’t always work: one in five users who pay never get the promised remedy. After all, you’re dealing with criminals on the other end of the transaction.
Q
How to defend/protect against WannaCry?
A
Make sure your computer’s software up to date.,
Create a full image backup of your system, ideally using a secure backup solution with active ransomware protection.,
Regularly download updates for your anti-malware software to ensure its signature database is up-to-date,
Be alert to how criminals try to get malware on your system.
Q
What is WannaCry?
A
WannaCry is a piece of ransomware that is also known as WannaCrypt (as well as WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2). What it’s called isn’t as important as what it does.

What’s been so devastating about WannaCry is how quickly it spread. Leveraging a vulnerability in Windows with the worm-like exploit called EternalBlue (which originated with the USA’s National Security Agency, but was made public by the Shadow Brokers hacking group), WannaCry exploits a flaw in Microsoft’s network file sharing protocol. It seeks out other vulnerable computers on the network to infect, which allows it to spread at an exponential rate.