Ransomware is a type of malware that encrypts the victim’s data until a sum of money is paid to the hacker. The hacker would then release a decryption key for the victim to get their data back.
Ransomware uses asymmetric encryption: a pair of keys (public, private) is used to encrypt and decrypt a file. These keys are generated uniquely by the hacker, and the private key needed for decryption is stored on the hacker's server and made available only after the payment is received. It is nearly impossible to decrypt the data without the private key.
WannaCry Ransomware is malware that targets Windows systems. It encrypts the files on the infected system and demands a ransom to decrypt them.
In May 2017, a novel threat affected a large portion of the online world for 72 hours. The global business sector was exposed to fast-spreading malware that compromised the systems of major, established private and public firms and small and medium-sized businesses.
Before the campaign began to wane, the WannaCry ransomware had infected 300,000 machines across 150 countries, including famous private targets such as Boeing, Renault, Honda, and FedEx.
Users were prompted on their home screens to pay a digital currency ransom or risk having their customers’ and partners’ data destroyed.
How Does It Work?
WannaCry searches for and encrypts 176 distinct file types and appends malicious code to them. WCRY is appended to the end of the file name. It requests that users pay a ransom of $300 in bitcoins to unlock the computer. The ransom message specifies that the payment sum will be increased after three days if the ransom is not paid. In the event of non-payment after seven days, the message states that the encrypted files will be destroyed. However, Symantec has not discovered any code inside the malware that would cause data to be destroyed.
1. The computer becomes infected.
2. Contact is then made with the central computer to access the information that is needed to commence the ransomware programmes.
3. All files get encrypted.
4. A message is then posted requesting payment to decrypt the files.
5. Pressure is mounted for the sum to be paid, with the threat that the information will otherwise be lost.
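For defenders, step 3 combined with the WCRY suffix gives a behavioural signal: many files on one host renamed to "original name + WCRY" within a short time. The following is an added example, not part of the original article, that applies that check to constructed file-event lines; the log format, host names, window, threshold and the leading dot in the suffix are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SUFFIX = ".wcry"                 # article: "WCRY is appended"; leading dot assumed
WINDOW = timedelta(seconds=60)   # assumed tuning value
THRESHOLD = 5                    # assumed tuning value

# Constructed sample events: timestamp,host,action,old_path,new_path
SAMPLE_EVENTS = r"""
2017-05-12T09:14:01,WS-0142,rename,C:\Users\ana\q1.xlsx,C:\Users\ana\q1.xlsx.WCRY
2017-05-12T09:14:02,WS-0142,rename,C:\Users\ana\q2.xlsx,C:\Users\ana\q2.xlsx.WCRY
2017-05-12T09:14:02,WS-0077,rename,D:\docs\plan.docx,D:\docs\plan-final.docx
2017-05-12T09:14:03,WS-0142,rename,C:\Users\ana\cv.pdf,C:\Users\ana\cv.pdf.WCRY
2017-05-12T09:14:04,WS-0142,rename,S:\share\hr.docx,S:\share\hr.docx.WCRY
2017-05-12T09:14:05,WS-0077,rename,D:\lab\sample.bin,D:\lab\sample.bin.WCRY
2017-05-12T09:14:06,WS-0142,rename,S:\share\pay.csv,S:\share\pay.csv.WCRY
"""

def is_wcry_rename(action, old, new):
    # True only when the new name is the old name with the suffix appended.
    return action == "rename" and new.lower() == old.lower() + SUFFIX

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    # Events are assumed to arrive in timestamp order.
    recent = defaultdict(deque)  # host -> times of matching renames in window
    alerts = {}                  # host -> time the threshold was first reached
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, host, action, old, new = line.split(",", 4)
        if not is_wcry_rename(action, old, new):
            continue
        q = recent[host]
        q.append(datetime.fromisoformat(ts))
        while q[-1] - q[0] > window:   # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = q[-1]
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS.splitlines()))
```

A single suffixed rename (WS-0077 in the sample) does not alert; only a burst on one host does, which keeps an analyst handling one sample file from triggering it.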
How is the infection spread?
Most times, ransomware is hidden and spread within PDFs, Word documents, and other files that are usually sent through email, or through a computer that the virus has already infected. This also opens the door for future attacks.
While ransomware can infect any computer, the most commonly infected device is a laptop or workstation owned by the end user. Thus, data on local disks, file shares, and mapped network drives is at risk of being compromised. The replicative nature of cloud storage solutions makes them vulnerable as well. Ransomware replaces original files with encrypted ones, so most cloud storage services precisely reproduce the modifications. Even though some of these systems can handle file versioning, they don’t usually provide a way to recover vast volumes of data in bulk.
Was It Possible to Avoid WannaCry Ransomware?
This ransomware was very preventable. Microsoft had issued a patch in March 2017, before the attack even began. Even though the patch was flagged as critical, there were many systems that were not updated when the attack began. That said, the patch was only available for the supported operating systems, including Windows 7 and Windows 10. But as a lot of systems across the globe still run Windows XP, not everything was patched before the ransomware hit.
Later, Microsoft made the patch available for older versions of operating systems. Businesses are technologically risk averse and run on a lot of legacy systems that are often vulnerable, and this could have been prevented if that were not the case. Further, as patching causes downtime or breaks applications, businesses always delay such patches. But it is imperative to understand the importance of patching systems; even if it breaks something now, it is well worth it to prevent a bigger problem in the future.
How to Stay Protected from WannaCry Ransomware
Awareness and knowledge on how to recognise potential ransomware payloads and how to avoid them appear to be the best methods against ransomware; after all, prevention is always preferable to cure. While this may be effective, the reality is that ransomware authors only need to breach a barrier once to carry out their malicious activity, and they continuously vary their strategies to do so. Even the most prepared among us can be outwitted at times.
Much of the material around WannaCry has concentrated on the Microsoft vulnerability and the critical nature of system updates. While this is critical, it cannot provide 100 per cent protection against new WannaCry ransomware versions that use unpatched zero-day vulnerabilities.
What, then, can be done in addition to staying current with OS updates and security patches? According to experience, a data backup is the best security against WannaCry ransomware. Even if its other ransomware safeguards fail, a clean backup of an organization’s data can keep it from being held captive by an attacker.
While the WannaCry virus is undoubtedly dangerous, it is essential to consider the extent of the damage it has caused. The virus has primarily affected businesses and organizations, not individuals. In addition, the vast majority of those affected by the virus have been able to recover their files without paying the ransom. While the WannaCry virus is a cause for concern, it is not the most dangerous malware. There are much more destructive viruses that have caused far more damage. The WannaCry virus is a reminder of the importance of having good anti-virus protection and of backing up important files.