WannaCrypt – The Destruction Machine
Last month’s WannaCry (or WannaCrypt) ransomware cyber-attack, which affected over 230,000 computers across the world, made ransomware a term that is no longer unknown to the general public. The attacks made all of us realize that this threat hits close to home. This massive cyber-attack disrupted a number of hospitals and organizations across the world and hit Europe, Russia, and Asia the hardest.
The ‘WannaCrypt’ ransomware made the situation painful: it locked the networks of victim companies and hospitals and held data and files hostage until the victim paid the ransom. The situation worsened to the point that hospitals had to stop admitting new patients and companies had to shut down their networks, disrupting services on a global level.
The WannaCrypt malware is reported to use social engineering to target companies. Unlike other ransomware, it encrypts all files within a user’s reach, and if that user happens to be an administrator, the effects can be devastating. To spread, the ransomware exploits a vulnerability that gives it SYSTEM-level access. The attack is therefore very destructive even if users don’t have admin privileges on their systems or servers.
The attack was contained when a 22-year-old British researcher, whose Twitter handle is ‘Malware Tech’, inadvertently registered a domain name that the ransomware’s code sent a message to after installing itself on a system. The malware code included a command to ping an unregistered domain name. The ransomware kept spreading because the next piece of code ran only when a message came back saying that the address does not exist. As soon as the domain was registered, further code execution stopped, and the ransomware stopped spreading.
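As an added example (not code from the original article), the sketch below triages resolver logs for the behaviour just described: a client that looked up the kill-switch domain is a candidate infection, and a client whose lookup failed is one where the code carried on. The domain `killswitch.example`, the log format, the sample lines and treating the check as a DNS lookup are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Constructed sample resolver log (assumed format):
# <timestamp> <client IP> <queried name> <response code>
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 killswitch.example NXDOMAIN
2017-05-12T09:14:05Z 10.0.4.22 www.example.org NOERROR
2017-05-12T16:40:11Z 10.0.4.17 killswitch.example NOERROR
2017-05-12T17:02:45Z 10.0.7.3 KILLSWITCH.EXAMPLE. NOERROR
2017-05-13T08:00:09Z 10.0.9.40 killswitch.example SERVFAIL
malformed line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([A-Z]+)$")


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the domain to 'proceeded' or 'halted'."""
    domain = domain.lower().rstrip(".")
    rcodes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, qname, rcode = m.groups()
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") == domain:
            rcodes[client].append(rcode)
    result = {}
    for client, codes in rcodes.items():
        # One failed lookup is enough: on that run the check did not stop
        # the code. Conservative assumption: every non-NOERROR answer is
        # counted as "address does not exist".
        failed = any(code != "NOERROR" for code in codes)
        result[client] = "proceeded" if failed else "halted"
    return result


if __name__ == "__main__":
    for client, state in sorted(triage(SAMPLE_LOG).items()):
        print(client, state)
```

Hosts marked `proceeded` are the first to isolate; hosts marked `halted` still made the lookup and need the same cleanup.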
How can I protect myself from ransomware?
Here are a few things that can help keep you safe if anything like this happens again:
1. Apply security patches and update all your software to the latest versions. Microsoft worked relentlessly to release updates and patches to contain the situation and give its customers the best protection against ransomware. It released a security update for users of Windows Vista, 7, 8.1 and 10 to address a vulnerability that is exploited by the ransomware attacks. It is always advisable to run the latest version of the operating system with all updates installed.
2. For users running older Windows versions that do not receive any mainstream support, Microsoft released a security update for those versions, which are in custom support only.
3. Your systems should have up-to-date anti-malware installed. Confirm with the security company that supplies your anti-malware software that it protects you against ransomware.
4. Many security experts feel that these attacks will evolve with time, so additional security strategies will need to be formulated. To protect against SMBv1 attacks, it is recommended that you block legacy protocols on your networks. Many of these attacks also rely on commonly used phishing methods such as sending malicious attachments.
5. Always back up your most important files and data off-premises so that you can recover data after a ransomware attack. Cloud backup is your best strategy and defense, as it ensures that your data remains safe and away from these security threats.
6. Last but not least, the best ransomware protection is to be very vigilant when you open documents from unknown or untrusted sources.
Applying updates does not always protect against infection, but it can help prevent the malware from spreading any further. Remember:
• The most important thing is that users should not click, open or download unknown files in emails.
• Anti-virus should be strong enough to detect the malware in a timely manner.
• Patch your Windows systems and keep signatures up-to-date.