Pierluigi Paganini May 15, 2017

Massive WannaCry Ransomware hits almost 150 countries around the world. How to avoid it? What’s happened? How to beat ransomware?

Something rare but extremely dangerous is currently rotating around the web. Named after the feeling it inflicts on users when they find their PCs infected with it, WannaCry is a ransomware which encrypts all files stored in your system, and demands that you pay around $300 in bitcoins if you want to decrypt and recover these files.

Known to have infected 200,000 computers across 150 countries in a matter of hours, the ransomware is yet to reach its full damaging potential, since the American continents are still safe from the attack.

The ransomware took advantage of a tool named “Eternal Blue”, originally created by the NSA, which exploited a vulnerability present inside the earlier versions of Microsoft Windows. This tool was soon stolen by a hacking group named “Shadow Brokers” which leaked it to the world in April 2017.

Microsoft took no time in releasing a patch to this vulnerability which managed to fix it. However, most people still have no idea regarding the existence of this patch and are therefore exposed to this ransomware program.

Russia, Ukraine and Taiwan are said to have suffered the worst from this malware. The National Health Service of the UK was also badly affected because of the attack and services to patients were disrupted for quite a while.

Telefonica, a multinational broadband internet provider, was also on the receiving end of this malware. Around 85% of the company’s computers are said to have been infected, and employees have been sent home.

“The financial impact of the attack on Telefonica should be significant, and goes far beyond the ransom being demanded,” Kroustek said in a statement provided to International Business Times. “It should not take Telefonica long to remove the ransomware, but if Telefonica has not recently backed-up employee files, it could take a while before they are recovered, if they were encrypted by the ransomware,” Kroustek said.

Fortunately, people using the latest version of Windows OS, or another OS altogether are completely safe from WannaCry malware. Those who are not are recommended to either install Microsoft’s latest fix to the problem, or update their OS to newest versions.

While the ransomware continued to infect users from around the globe, a cybersecurity researcher, tweeting as @malwaretechblog managed to put a temporary stop to the problem by purchasing the domain name being used by the malware program.

The domain wasn’t live at the time, and upon its purchase, it activated a temporary kill switch inside the malware, stopping it from spreading temporarily.

“I saw it wasn’t registered and thought, ‘I think I’ll have that’,” he is reported as saying. The purchase cost him only $10.69. Immediately, the domain name was registering thousands of connections every second.

He admitted that the save was only accidental, as he had no idea whether the domain purchase would manage to kill the ransomware or not.

After Ransomware Attack: More ransomware cases ‘likely on Monday‘ including NHS hospitals and Trusts

As the working week begins again, the number of people affected by the hack are likely to rise. The latest count this Monday morning is over 200,000 victims in at least 150 countries, and the numbers will most likely increase as businesses start with their daily business.

Healthcare departments suffered the worse from the attack. Despite holding sensitive data, the security level at these institutions was poor compared to banks and other sensitive industries. Around 47 NHS trusts in England and 13 Scottish health boards are known to have suffered badly from WannaCry ransomware, proving that hackers have lost all ethics in want for financial gain.

How to beat ransomware? Here are 5 things you can do to protect against ransomware

Users are still advised to take precautionary measures as best as they can. The following tips will help you in ensuring that your computers remain safe from WannaCry ransomware:

1. Back up your computer as soon as you can: Backing up your computer before it gets infected will save you from significant stress. You can either make use of external hard drives, or subscribe to an online cloud service to secure your data.
2. Update your Operating System: It is recommended that you update your existing OS to the latest version, preferably Windows 10, if you want to save your computer from getting infected.
3. Use Firewall Software: Firewall prevents suspicious programs from entering your system. It is of utmost importance that you start using a firewall service as soon as you can to remain safe from ransomware.
4. Keep your Antivirus software up-to-date: Virus definitions have already been updated to protect users against the latest threat of WannaCry ransomware.
5. Beware of phishing: Staying safe from phishing can help in preventing any such programs from infecting your computer. Make sure that you avoid suspicious links or files on the internet or the ones sent to you via email.

About Author: Anas Baig

Anas Baig is a Cyber Security Expert, a computer science graduate specializing in internet security, science, and technology. Also, a Security Professional with a passion for robots & IoT devices. Follow him on Twitter

Follow him on Twitter @anasbaigdm, or email him directly by clicking here.

Pierluigi Paganini

(Security Affairs – Wannacry ransomware, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]