WannaCry is far and away the most severe malware attack so far in 2017, and the spread of this troubling ransomware is far from over. In this post, we’ll tell you what WannaCry is, what developments we’ve seen over the past three days, and how to protect yourself.
Malicious software called ‘ransomware’ has forced British hospitals to turn away patients and affected Spanish companies such as Telefonica as part of a global outbreak that has affected tens of thousands of computers. What is WannaCry – also known as WanaCrypt0r 2.0 and WCry?
This unprecedented malware attack began sweeping the globe late last week, and security researchers estimated that nearly 57,000 computers in more than 150 countries were infected by the end of the day on Friday. While the spread of this terrifying ransomware was slowed on Saturday, it was hardly stopped. As of Monday morning, more than 200,000 systems around the world are believed to have been infected.
India was among the countries worst affected by the WannaCry attack, data shared by Kaspersky, a Russian anti-virus company, showed. According to initial calculations performed soon after the malware struck on Friday night, around five per cent of all computers affected in the attack were in India.
India is among the countries worst affected by the WannaCry ransomware attack, and the Indian government has shut down some ATMs all over the country as a preventive measure against the cyber attack.
Ministry of Home Affairs sources said some ATMs all over the country have been closed down as a preventive step following concerns about the virus attack.
MHA officials are closely monitoring the situation.
In the meantime, the Reserve Bank of India (RBI) has issued an advisory asking all banks to put in place a software update at ATMs to protect their systems from malware that has attacked payment systems across the world.
The RBI, however, denied that it had issued any direction to shut down ATMs.
“RBI has not given any direction or issued any advisory to banks to shut down their ATMs. Wrong information is floating around that RBI has instructed banks to shut down ATMs,” an RBI spokesperson said.
ATMs ARE HIGHLY VULNERABLE
In a separate malware attack last year, 3.2 lakh debit cards were compromised in the country. Data of users who transacted at Hitachi ATMs was compromised during the three months of May, June and July last year. The Hitachi ATMs deployed by many White Label ATM players and Yes Bank were impacted by the malware.
According to reports, Automated Teller Machines (ATMs) are highly vulnerable to such malware attacks as they presently run on old versions of Microsoft’s Windows operating system, making a software security patch update a necessary exercise.
There are a total of 2.2 lakh ATMs in India, of which many old ones run on Windows XP.
EFFECT ON INDIA
IT minister Ravi Shankar Prasad said India has not been affected much by the ransomware.
“Kerala and Andhra Pradesh have been affected partly. We are keeping a close eye on the situation and strengthening our cyber system,” Prasad said. In two village panchayats of Kerala, computers were hit with messages demanding USD 300 in virtual currency to unlock the hacked files.
The Indian Computer Emergency Response Team (CERT-In) has come out with a list of dos and don’ts and a webcast on how to protect networks from the global ransomware attack.
It has been reported that a new ransomware, WannaCry, is spreading widely, the RBI advisory to the banks said.
WannaCry encrypts the files on infected Windows systems and spreads by exploiting vulnerabilities.
Cyber criminals are demanding a fee of about USD 300 in crypto-currencies like Bitcoin for unlocking affected devices.
Microsoft has introduced a security patch to tackle the situation, and consumers across the globe have been advised to download the solution at the earliest.
CERT-In today said it has not received any formal report of a cyber attack on India’s vital networks by the crippling global ransomware, WannaCry.
What is WannaCry?
First and foremost, let’s clarify exactly what WannaCry is. This malware is a scary type of trojan virus called “ransomware.” As the name suggests, the virus in effect holds the infected computer hostage and demands that the victim pay a ransom in order to regain access to the files on his or her computer.
WannaCry is a form of “ransomware” that locks up the files on your computer and encrypts them in a way that you cannot access them anymore.
What exactly does WannaCry do?
Ransomware like WannaCry works by encrypting most or even all of the files on a user’s computer. Then, the software demands that a ransom be paid in order to have the files decrypted. In the case of WannaCry specifically, the software demands that the victim pay a ransom of $300 in bitcoins at the time of infection. If the user doesn’t pay the ransom within three days, the amount doubles to $600. After seven days without payment, WannaCry will delete all of the encrypted files and all data will be lost.
The ransomware covers nearly any important file type a user might have on his or her computer. It also installs a text file on the user’s desktop with the following ransom note:
How was WannaCry created?
You can thank the NSA for discovering the “EternalBlue” exploit that would later be used by the WannaCry trojan, and then for keeping it under wraps to use for its own intelligence gathering purposes. The security hole was then made public last month when a group of hackers called Shadow Brokers released the details of the exploit to the public.
Is the attack over?
WannaCry was first discovered on Friday, May 12th, and it had spread to an estimated 57,000 computers in more than 150 different countries around the world by the end of the day. European countries were hit the hardest, and business ground to a halt at several large companies and organizations, including banks, hospitals, and government agencies.
On Saturday, a 22-year-old security researcher named Marcus Hutchins inadvertently slowed the spread of the WannaCry virus when he registered a domain name hidden within the virus’ code in an attempt to track the spread of WannaCry, unintentionally stopping its progress in the process. You can read Hutchins’ story in his blog post titled “How to Accidentally Stop a Global Cyber Attacks.”
Unfortunately, the spread of WannaCry wasn’t actually stopped, but instead slowed.
How can I protect myself from WannaCry?
Regardless of which operating system you run, you should install any and all available security updates immediately. Specifically, Windows users with machines that run Windows XP, Windows 8, or Windows Server 2003 should immediately install this security update released on Friday by Microsoft.
Users are advised to be wary of clicking links from unsolicited or unexpected emails. Be very careful and authenticate the source before enabling macros while using Microsoft Outlook. If a link has to be clicked, a safer option is to close the browser with the email account, or the software used to access the emails, and navigate to the web site directly from a fresh browser window. Updated antivirus software and an enabled firewall are both highly recommended.
What can I do if my computer is infected with WannaCry?
Sadly, there is no fix for WannaCry available at this time. Antivirus companies and cybersecurity experts are hard at work looking for ways to decrypt files on infected computers, but no means of third-party decryption are available right now. Hopefully affected users have backups of their data available, because the only other option right now is to follow the instructions offered in the software to pay the ransom.
Sources: BGR, IndiaToday, Firstpost