Many organizations around the world were victims of the malicious “WannaCrypt” software last week. Seeing businesses and individuals affected by cyber attacks like this is painful. This unprecedented malware had infected about 57,000 computers in more than 150 countries by the end of the day on Friday. While the spread of this terrifying ransomware slowed on Saturday, it hardly stopped. As of Monday, more than 200,000 systems around the globe are believed to have been infected.
First of all, let’s clarify exactly what WannaCrypt is. WannaCrypt, also known as WannaCry or Wcrypt, is ransomware that targets Windows operating systems.
WannaCry is so far the most severe malware attack in 2017, and the spread of this troubling ransomware is far from over.
This malware is a type of Trojan virus. It holds the infected computer hostage and demands that the victim pay a ransom in order to regain access to the files on his or her system.
Ransomware like WannaCry works by encrypting all of the files on a user’s computer. The software then demands that a ransom be paid to have the files decrypted. In the case of WannaCry specifically, the software demands that the victim pay a ransom of $300 in bitcoin at the time of infection. If the user doesn’t pay the ransom within three days, the amount doubles to $600. After seven days without payment, WannaCry will erase all of the encrypted files and all data will be lost.
Here are a few things for your reference:
- If you are using Windows Vista, 7, 8.1 or 10: Those who have Windows Security Update enabled are protected against attacks on this vulnerability.
Organizations that have not yet applied the security update should immediately deploy Microsoft Security Bulletin MS17-010.
- Activate Windows Defender: For users of Windows Defender, an update was released which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Users running anti-malware software from any number of security companies can confirm with their provider whether they are protected.
- If using an older version of Windows: Users running versions of Windows that no longer receive mainstream support may not have received the above-mentioned Security Update released in March. Those users can use the Security Update that Microsoft has made for platforms in custom support. Security Updates for Windows XP, Windows 8 and Windows Server 2003 are broadly available for download.
- Additional steps to consider: This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protection. For example, to further protect against SMBv1 attacks, users should consider blocking legacy protocols on their networks.
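The items in the list above can be checked on a Windows host with a short read-only PowerShell audit. This is an added example, not part of the original article or of Microsoft's guidance; the function name `Get-WannaCryptMitigationStatus`, the `KB0000000` placeholder and the three-day signature threshold are assumptions, and the real KB number for a given Windows build must be taken from the MS17-010 bulletin.

```powershell
# Read-only audit of the mitigations listed above. Run from an elevated prompt.
function Get-WannaCryptMitigationStatus {
    [CmdletBinding()]
    param(
        # Placeholder (assumption): replace with the KB number(s) that the
        # MS17-010 bulletin lists for this Windows build.
        [string[]]$Ms17010Kb = @('KB0000000')
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Security update. Get-HotFix lists only individually recorded updates;
    #    a later cumulative rollup also contains the fix, so treat a miss as
    #    "verify manually", not as proof the host is unpatched.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Ms17010Kb -contains $_.HotFixID })
    if ($installed.Count -eq 0) { $findings.Add('MS17-010 KB not found: verify patch level') }

    # 2. Legacy protocol: is the SMBv1 server component still enabled?
    $smb1 = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
        if ($smb1) { $findings.Add('SMBv1 server enabled: consider disabling it') }
    }

    # 3. Windows Defender: real-time protection on and signatures recent?
    $realTime = $null; $sigAge = $null
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
        if ($mp) {
            $realTime = $mp.RealTimeProtectionEnabled
            $sigAge   = $mp.AntivirusSignatureAge   # age in days
            if (-not $realTime) { $findings.Add('Defender real-time protection is off') }
            # Three days is an assumed threshold for this example.
            if ($sigAge -gt 3)  { $findings.Add("Defender signatures are $sigAge days old") }
        }
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Ms17010KbFound   = ($installed.Count -gt 0)
        Smb1ServerOn     = $smb1
        DefenderRealTime = $realTime
        SignatureAgeDays = $sigAge
        Findings         = $findings.ToArray()
    }
}

Get-WannaCryptMitigationStatus | Format-List
```

Once nothing on the network is confirmed to depend on it, the SMBv1 server can be switched off with `Set-SmbServerConfiguration -EnableSMB1Protocol $false`.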
More information on the malware is available from the Microsoft Malware Protection Center through the Windows Security blog. The link is given below:
Author: Simpi Nath