What is Ransomware?
Ransomware is a form of malware designed by its creators to block access to the information on a PC. The creators essentially lock the files and demand money to restore access to them.
How Does It Work?
1. The computer becomes infected.
2. Contact is then made with the central computer to obtain the information needed to start the ransomware program.
3. All files get encrypted.
4. A message is then posted requesting payment to decrypt the files.
5. Pressure is applied for the sum to be paid, under threat of losing the information.
How is the infection spread?
Most often, ransomware is hidden in PDFs, Word documents and other files that are usually sent through email, or it spreads through a computer that has already been infected. An infection also opens the door to future attacks.
Microsoft SMB Flaw
WannaCry was spread through a flaw in Microsoft SMB. SMB is a protocol used to share files between computers, usually on a closed network. The flaw can then be exploited if one of those computers is connected to a public network.
What is WannaCry?
WannaCry is ransomware that has infected NHS computers and spread rapidly through the NHS network. It is also referred to as WanaCrypt0r 2.0, Wanna Decryptor 2, WannaCry 2, Wanna Decryptor 2.0 and WCry 2.
Although ransomware and malware are a critical threat to any industry, in the healthcare sector the threat is more severe. One security attack can mean the difference between life and death for many people. The WannaCry ransomware attack in May 2017 is one of the best examples of this: the NHS group of hospitals had to shut down their operations because, due to the attack, hospital staff were unable to access the records and medical histories of patients.
What is the Initial Infection?
The initial infection vector of the WannaCry ransomware, as far as we have observed, is unknown. The initial infection was not large: the attackers at first targeted only a small number of PCs with the worm, and the worm then carried on spreading to other computers.
Composition of WannaCry
The WannaCry ransomware is composed of two main parts: a ransomware module and a worm module. The ransomware module is spread by its companion worm module, and the worm module uses the Microsoft Windows SMB Server Remote Code Execution Vulnerability (CVE-2017-0144) as its main route to spread the infection. It also uses the Microsoft Windows SMB Server Code Execution Vulnerability (CVE-2017-0145).