Wannacry Ransomware 2017 Attack Explained
Friday marked the day Wannacry Ransomware was unleashed onto the world and it has done some serious damage. The ransomware has encrypted files on tens of thousands of Windows computers worldwide and is now demanding money in exchange for a way to decrypt. What could have been avoided with a simple Windows update, has become a large-scale attack that has affected more than 230 thousand computers in 150 countries. Businesses and organizations have become major victims in this attack, with Spain’s Telefónica and Britain’s National Health Service among those affected.
Wannacry Ransomware may infect via known exploit
It is believed that the ransomware uses a known exploit to infect computers that do not have an essential fix installed. Reportedly, the exploit is known as EternalBlue and is thought to have been developed by the NSA, the National Security Agency. Windows has released a patch to fix the vulnerability back in March, but a lot of users failed to install it, or use no longer supported versions of Windows. Windows has since released emergency fixes for all versions. It is also believed that if one computer is infected, all systems on the same network could be at risk. In order to prevent an attack, it is important that users install the update immediately.
The large-scale attack has proven that users are not as security-cautious as they should be. Entire organizations still use versions of Windows that are no longer getting updates and are essentially abandoned by Microsoft. The company has stopped releasing security updates for Windows XP back in 2014 and yet it still remains highly popular and can be found on many computers three years later. Using outdated software means there is a higher risk of someone taking advantage of vulnerabilities, which evidently can have serious consequences.
The attack has since been slowed down by a researcher who discovered a kill switch. Although new versions have been appearing, the researcher has succeeded in slowing down the spread significantly. This does not, however, help people who have already become victims. They are stuck with encrypted files.
When ransomware infects your computer, it encrypts files found on your computer and then demands a ransom. Ransomware are one of the most dangerous forms of malware out there as in a lot of cases an infection leads to file loss. In the case of Wannacry Ransomware, the ransom note will appear on your screen immediately after files have been encrypted. The victims will be informed of what has occurred and what they need to do to get the files back. It asks that victims transfer $300 worth of Bitcoins to the provided wallet in order to get the decryptor. The victims are given 3 days to make the payment and when the time runs out, the price is doubled. If payment has not been made within 7 days, files are supposedly lost.
Should victims pay the ransom?
Victims, most of whom are businesses and organizations, now face the dilemma on whether they should pay the ransom. Researchers and malware specialists have a simple answer to that and it is ‘no’. Paying very rarely leads to file decryption, especially in this case. Victims seems to forget that they are dealing with cyber criminals who do not feel obligated to help victims. In the case of Wannacry Ransomware, it is believed that the decryption process needs to be initiated by an actual human being, and it is highly doubtful the criminals would go through so much trouble, given the scale of the attack. After all, they would have already gotten their money. Paying the demanded sum is also supporting their criminal activities so you could essentially be helping finance their future projects, some of which could do some serious damage
This attack just goes to show just how important it is to have backup. If a business or an organization were hit by this kind of attack and had no backup, it could mean serious trouble because important files could be lost. Backing up files regularly is essential and should be a must for everyone using the Internet and storing important files on their computer. Even if you were not hit with Wannacry Ransomware, there are plenty of other threats and a simple backup could save you a lot of trouble.
It does not seem like Wannacry Ransomware has specific targets but it appears businesses and organizations are more at risk compared to the average user. That does not mean, however, that if you are a regular users you are completely safe. This may be just the beginning of an even larger attack and more users could become victims at any time so update your software as soon as possible. It is also recommended that you make it a habit and not click ‘remind me tomorrow’ when a notification appears informing you about crucial updates. Cyber crime is becoming more and more widespread and it is up to you to protect yourself.
WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.
The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.
Leave a comment