What is WannaCry Ransomware
In May 2017, a novel threat affected a large portion of the online world for 72 hours. The global business sector was exposed to a fast-spreading malware that compromised the systems of major, established firms, both private and public, as well as small and medium-sized businesses.
Before the campaign began to wane, the WannaCry ransomware had infected 300,000 machines across 150 countries, including famous private targets such as Boeing, Renault, Honda, and FedEx. Users were prompted on their home screens to pay a ransom in digital currency or risk having their own data, and that of their customers and partners, destroyed.
How Does It Work?
WannaCry searches for and encrypts 176 distinct file types and appends malicious code to them. The extension .WCRY is appended to the end of the file name. It demands that users pay a ransom of $300 in bitcoins to unlock the computer. The ransom message specifies that the payment sum will be increased after three days if the ransom is not paid. In the event of non-payment after seven days, the message states that the encrypted files will be destroyed. Symantec, on the other hand, has not discovered any code inside the malware that would cause data to be destroyed.
1. The computer becomes infected.
2. Contact is then made with the central computer to obtain the information needed to start the ransomware programs.
3. All files are encrypted.
4. A message is then displayed requesting payment to decrypt the files.
5. Pressure is applied to pay the sum, under threat of losing the information.
How is the infection spread?
Most of the time, ransomware is hidden in and spread through PDFs, Word documents, and other files that are usually sent by email, or through a computer that has already been infected by the virus. This also opens the door for future attacks.
While ransomware can infect any computer, the most commonly infected device is a laptop or workstation owned by the end user. Thus, data on local disks, file shares, and mapped network drives is at risk of being compromised. The replicative nature of cloud storage solutions makes them vulnerable as well: ransomware replaces original files with encrypted ones, so most cloud storage services faithfully reproduce the modifications. Although some of these systems can handle file versioning, they don’t usually provide a way to recover vast volumes of data in bulk.
Microsoft SMB Flaw
WannaCry was spread through a flaw in Microsoft SMB. SMB is a protocol used to share files between computers that are usually on a closed network. The flaw can then be exploited if one of those computers is connected to a public network.
What is WannaCry?
WannaCry is ransomware that infected NHS computers and spread rapidly through the NHS network. It is also referred to as WanaCrypt0r 2.0, Wanna Decryptor 2, WannaCry 2, Wanna Decryptor 2.0, and WCry 2.
Although ransomware and malware are a critical threat to any industry, in the healthcare sector the threat becomes more severe. One security attack can mean the difference between life and death for many people. The WannaCry ransomware attack in May 2017 is one of the best examples of this: the NHS group of hospitals had to shut down its operations because, due to the ransomware attack, hospital staff were unable to access patients' records and medical histories.
What is the Initial Infection?
The initial infection vector of the WannaCry ransomware, as far as we have seen, is unknown. The initial infection was not large: the attackers at first targeted only a small number of PCs with the worm, and the worm then continued on to other computers.
How to Stay Protected from WannaCry Ransomware
Awareness and knowledge of how to recognize potential ransomware payloads and how to avoid them appear to be the best defense against ransomware; after all, prevention is always preferable to cure. While this may be effective, the reality is that ransomware authors only need to breach a barrier once to carry out their malicious activity, and they continuously vary their strategies to do so. Even the most prepared among us can be outwitted at times.
Much of the material around WannaCry has concentrated on the Microsoft vulnerability and the critical nature of system updates. While patching is critical, it cannot provide 100 percent protection against new WannaCry ransomware versions that use unpatched zero-day vulnerabilities.
What, then, can be done in addition to staying current with OS updates and security patches? The best security against WannaCry ransomware, according to experience, is a data backup. Even if its other ransomware safeguards fail, a clean backup of an organization’s data can keep it from being held captive by an attacker.
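To scope a restore from backup after an incident, the following added example (not code from the original article) walks a directory tree, lists files carrying the .WCRY suffix described earlier, and reports which original file names are no longer present beside them. The function names, the sample tree and its file names are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".wcry"  # suffix the article says WannaCry appends (compared case-insensitively)


def find_encrypted(root):
    """Return (hits, per_dir) for files under root whose name ends in .WCRY."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            original = name[: -len(MARKER)]  # name before the suffix was added
            hits.append({
                "encrypted": os.path.join(dirpath, name),
                "original": os.path.join(dirpath, original),
                # True if a file with the original name still sits beside it
                "original_present": original in names,
            })
            per_dir[dirpath] += 1
    return hits, per_dir


def restore_scope(hits):
    """Original paths with no file left under that name: candidates for restore."""
    return sorted(h["original"] for h in hits if not h["original_present"])


def demo():
    """Run the scan over a constructed sample tree (hypothetical file names)."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "share", "finance")
        os.makedirs(share)
        for name in ("q1.xlsx.WCRY", "notes.docx.WCRY", "notes.docx", "readme.txt"):
            with open(os.path.join(share, name), "wb") as fh:
                fh.write(b"constructed sample data")
        hits, per_dir = find_encrypted(root)
        by_dir = {os.path.relpath(d, root): n for d, n in per_dir.items()}
        scope = [os.path.relpath(p, root) for p in restore_scope(hits)]
        return len(hits), by_dir, scope


if __name__ == "__main__":
    count, by_dir, scope = demo()
    print(f"{count} encrypted files; per directory: {by_dir}")
    print("restore from backup:", scope)
```

A file whose original name is still present is not necessarily intact, so it should still be compared against the backup copy before being trusted.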