What is WannaCrypt Ransomware? A.K.A. “WannaCry”, it is malware that takes advantage of an old vulnerability in the Windows operating system. If you regularly update your Windows operating system, you should be relatively safe. However, no antivirus software can prevent users from opening emails that have attachments with malicious intent. The good news is that it can be avoided. The bad news, though, is that it can spread like wildfire once it infects any of your “unpatched” network-connected PCs. Read along to know more.
What is WannaCrypt Ransomware?
WannaCrypt ransomware was initially presumed to have spread using email phishing techniques. However, researchers and security experts later confirmed that the vulnerability was exploited through older SMB protocol standards. That is, if your computer is exposed to the internet with an open SMB port (SMBv1), specially crafted messages are used to exploit your Windows operating system. The malware is alleged to use “EternalBlue” to gain access and “DoublePulsar” to install and execute the code. Once a vulnerable system is infected, it finds system and data files and encrypts them. When a user tries to access them, it displays a “ransom note” demanding $300 in Bitcoin. Here is what the ransom demand looks like:
As you can see from the screenshot above, the payment is time-bound: you have roughly a week to pay and decrypt the files.
Do you pay the Ransom?
Security experts have strongly recommended against paying the ransom, since it does not guarantee that you will get back your files and data. Since the individual payments are not uniquely identified, there is no single way of determining that you have paid your fee. Unless the decryption is done by manual intervention from someone on the hacking team, it may not work at all.
How To Avoid WannaCrypt Ransomware From Spreading in your Environment
Let’s be honest. Nobody wants to get their PCs infected with any virus, malware or ransomware. It is a risk, since most of today’s computers are networked with one another. To avoid this, we have collated simple steps that might help you in the long run. They are as follows:
- Ensure that you have all your Windows PCs patched up with the latest updates from Microsoft. If your operating system is not currently supported (e.g. Windows XP), plan for an enterprise-wide update to a newer OS that Microsoft now supports.
- Data backup and recovery: Ensure that your Windows PC is protected from any disk-level failures or data corruption scenarios. In today’s world, where cloud computing is a reality, invest in a site-level failover solution. For example, Microsoft Azure Site Recovery gives you site-level backup.
- Keeping most of the critical systems in the cloud will significantly reduce the probability of unplanned downtime. Solutions like Office 365 and Google Apps can help you achieve this.
- Removal of admin rights from users. In addition to this, educating end users to be alert before opening an email attachment from an unknown sender is key. No antivirus software can help you solve this problem.
- Updating to Windows 10 Enterprise Edition will get you access to the latest security features. For example, Credential Guard, AppLocker, and Device Guard can help you strengthen your corporate network PCs.
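To check a single Windows PC for the SMBv1 exposure described earlier, the following added example (not part of the original article) reports whether SMBv1 is still enabled, whether inbound firewall rules open TCP 445, and when the last update was installed. The function name `Get-Smb1Exposure` is hypothetical; the script assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.

```powershell
# Added example: audit this host for the SMBv1 exposure WannaCrypt relies on.
# Get-Smb1Exposure is a hypothetical helper name, not a built-in cmdlet.
function Get-Smb1Exposure {
    [CmdletBinding()]
    param()

    # Server side: does this host still accept SMBv1 connections?
    $serverCfg = Get-SmbServerConfiguration

    # State of the SMBv1 optional feature; the feature name is not
    # available on every Windows edition, so a lookup failure is tolerated.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' `
        -ErrorAction SilentlyContinue

    # Enabled inbound "allow" rules whose port filter includes TCP 445.
    $open445 = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '445' } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Direction -eq 'Inbound' -and
            $_.Enabled   -eq 'True'    -and
            $_.Action    -eq 'Allow'
        }

    # Most recent installed update, as a rough indicator of patch hygiene.
    $lastFix = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        Smb1ServerEnabled   = [bool]$serverCfg.EnableSMB1Protocol
        Smb1FeatureState    = if ($feature) { "$($feature.State)" } else { 'NotPresent' }
        Inbound445AllowRules = @($open445).Count
        LastUpdateInstalled = if ($lastFix) { $lastFix.InstalledOn } else { $null }
    }
}

Get-Smb1Exposure | Format-List

# Remediation, commented out so nothing changes until the report is reviewed:
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
# Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
```

A host that reports `Smb1ServerEnabled : True` together with one or more inbound 445 allow rules and an old `LastUpdateInstalled` date is the kind of “unpatched” network-connected PC the steps above are meant to eliminate.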
In the end, the users need to be accountable for initiating any malicious activity, knowingly or unknowingly.
The scale at which this malicious ransomware code spread across the globe indicates the dangers that we face today. The security threat is real, and IT managers and CIOs should take note of this situation. Stay Safe, Signing Off!