‘WannaCry’ Global Ransomware Attack

SMCS Risk research estimates that the unprecedented ransomware attack that began sweeping the globe last week, had infected nearly 57,000 computers in more than 150 countries by the end of the day last Friday. While the spread of this ransomware had slowed on Saturday, it hadn’t been stopped and as of Monday morning, more than 200,000 systems around the world were believed to have been infected.

WannaCry is the most severe ransomware attack so far in 2017 and in response to our clients concerns, SMCS Risk has released this article.

What is WannaCry?

Like all ransomware, once this computer virus infects your computer, it holds the infected computer hostage and demands that the owner of the computer pay a ransom in order to regain access to the files on the infected computer.

How does WannaCry work?

WannaCry encrypts most or even all of the files on a user’s computer then demands that a ransom be paid in order to have the infected files decrypted. WannaCry demands that the computer user pay a ransom of $300 in bitcoins at the time of infection. If the ransom is not paid within 3 days, the ransom amount doubles to $600. After seven days, if the ransom has not been paid, WannaCry will delete all of the encrypted files and all data will be lost.

How was WannaCry created?

Its believed the NSA discovered the “EternalBlue” exploit that would later be used by the WannaCry ransomware, however the exploit was not disclosed to the general public and was used for its own intelligence gathering purposes. Last month, a group of hackers called Shadow Brokers released the details of the exploit to the public.

Is the attack over?

Definitely not! WannaCry was first discovered on Friday, May 12th, and it had spread to an estimated 57,000 computers in more than 150 different countries around the world by the end of the day. European countries were hit the hardest, and business ground to a halt at several large companies and organisations, including banks, hospitals, and government agencies.

On Saturday, a 22-year-old security researcher named Marcus Hutchins inadvertently slowed the spread of the WannaCry virus when he registered a domain name hidden within the virus’ code in an attempt to track the spread of WannaCry, unintentionally stopping its progress in the process. Unfortunately, the spread of WannaCry wasn’t stopped, but instead slowed and will continue to infect vulnerable computers.

How can I protect myself from WannaCry?

You should immediately install all available security updates released by your operating system. Specifically, Windows users with machines that run Windows XP, Windows 8, or Windows Server 2003 you should immediately install security updates released on Friday by Microsoft.

What can I do if my computer is infected with WannaCry?

Unfortunately, there is no way to remove WannaCry from your system at this time. Antivirus companies and cybersecurity experts are looking for ways to decrypt files on infected computers, but there is no third-party decryption are available right now.

The best way to protect against ransomware and other infections is to proactively conduct reviews of your system to identify weaknesses int eh system and to install all security updates as they are released. For more information on WannaCry or ways in which you and your company can proactively protect your systems against cyber attacks, please contact SMCS Risk’s cyber experts.

Tags: