WannaCry Ransomware Terror! How to Protect Your Computer From This Malware?

Wannacry Ransomware is one of the worst cyber security attack to be reported so far.

On 12 May, 2017, the unprecedented malware was discovered several hours after its initial release by a research blogger who writes under the name MalwareTech.

In attempt to track the spread of the virus, the 22 year old security researcher who’s actual name is Marcus Hutchins, had inadvertently slowed down the spread of the virus when he registered a domain name that was hidden within the virus code.

While the European countries were the hardest hit, other countries do not lag behind.

Since its discovery, the virus has hit over 57,000 computers in more than 150 different countries globally. The attack is not over yet and while its impact has already impacted over 10,000 organizations and 200,000 individuals, the threat is not over yet.

The only way to project ourselves is to stay informed about this lethal virus and to learn how to project oneself from it. As countries around the world start taking precautions, in India the Indian Computer Emergency Response Team had issued an advisory of prevention against this threat. This has been shared in the form of a webcast session that was broadcasted by the Government on 15^th May, 2017 at 11 AM and in future dates also.

If you have missed out, read through this article on the big threat of WannaCry Ransomware and how you can protect your computer files from getting hacked.

What is WannaCry Ransomware?

Known as WannaCry or WanaCrypt0r 2.0, the malware is a scary type of Trojan virus that targets computer files and makes them inaccessible to the user. The files will be held hostage using encryptions. The only way someone can gain access back to his/her computer files is by paying a ransom of a certain amount as demanded.

The demand of the ransom is limited to a certain time during which the victim needs to pay up. The initial amount that will be demanded is USD 300, which the victim has to pay in Bitcoin within three days.

If after three days, the victim does not pay the ransom, the amount will double to become USD 600. The victim will have to pay this within seven days.

If the victim still has not paid, then the malware will delete all files and data forever.

A system once infected can be prone to repetitive attacks by the malware. Besides, there is no guarantee or assurance that the decrypted files will be handed back to the users on payment. Based on findings from a Security Ledger article and CNET reports, the virus extorted users of nearly $ 3 million but did not decrypt the files.

Ransomware is Not a New Virus. So Why Concern?

The virus has been around for decades. However, the virus has grown in variety. A WannaCry Ransomware Virus can quickly spread, evade detection, encrypt files and coerce users into paying a ransom.

According to Ryan Francis, Managing Director of CSO and Network World, the ‘new-age’ ransomware has a combination of pre-built infrastructure that can easily and widely distribute new varieties of crypters and other advanced development techniques that makes reverse engineering difficult.

In addition, features like offline encryption methods are making it easier for Ransomware to take advantage of legitimate system features and eliminate the need of C2 or Command and Control communications. Example – Microsoft’s CryptoAPI.

Filetypes that are targets of Ransomware encryption

.3dm	.asf	.cmd	.djvu	.flv	.js	.mkv	.odg	.pdf
.3ds	.asm	.cpp	.doc	.frm	.jsp	.mml	.odp	.pem
.3g2	.asp	.crt	.docb	.gif	.key	.mov	.ods	.pfx
.3gp	.avi	.cs	.docm	.gpg	.lay	.mp3	.odt	.php
0.602	.backup	.csr	.docx	.gz	.lay6	.mp4	.onetoc2	.pl
.7z	.bak	.csv	.dot	.hwp	.ldf	.mpeg	.ost	.png
.ARC	.bat	.db	.dotm	.ibd	.m3u	.mpg	.otg	.pot
.PAQ	.bmp	.dbf	.dotx	.iso	.m4u	.msg	.otp	.potm
.accdb	.brd	.dch	.dwg	.jar	.max	.myd	.ots	.potx
.aes	.bz2	.der	.edb	.java	.mdb	.myi	.ott	.ppam
.ai	.cgm	.dif	.eml	.jpeg	.mdf	.nef	.p12	.pps
.asc	.class	.dip	.fla	.jpg	.mid	.odb	.pas	.ppsm
.ppsx	.ps1	.raw	.sh	.sln	.sqlitedb	.stw	.sxc	.sxw
.ppt	.psd	.rb	.sldm	.snt	.stc	.suo	.sxd	.tar
.pptm	.pst	.rtf	.sldx	.sql	.std	.svg	.sxi	.tbk
.pptx	.rar	.sch	.slk	.sqlite3	.sti	.swf	.zip	.sxm
.tif	.uot	.vdi	.vsd	.wk1	.xlc	.xlsm	.tgz	.xltx
.tiff	.vb	.vmdk	.vsdx	.wks	.xlm	.xlsx	.xlt	.xlw
.txt	.vbs	.vmx	.wav	.wma	.xls	.xltm	.xlsb	.wmv
.uop	.vcd	.vob	.wb2

Nearly all important file types can be encrypted by Ransomware.

How Wanacry’s Ransomware Works?

When the malware attacks a computer, it will install a ransom note (in text file format) on the user’s desktop. Take a look below to see how a Ransomware note looks like.

After the user pays the total amount of the ransom asked, the user will find the decryption instructions.

Today, Ransomware is one of the most significant threats facing that businesses and individuals are facing today. As time passes, the attacks will get even more sophisticated and difficult to prevent.

The percentage of new ransomware variety breakdown has risen from 2005 – 2015

Image Courtesy: LA Times

Today hackers are no longer relying on hand-written encryption codes. Instead they are using off-the-shelf library encryption codes that are significantly advanced and are difficult to crack down. They can now leverage more sophisticated methods of delivery. One of them is spear-phishing campaigns instead of traditional phishing email blasts where email spams are frequently filtered.

The only way to protect oneself from such threats is Security Awareness Training and Backup.

How to Protect Myself from WannaCry?

Install and avail all your security updates immediately. It does not matter which operating system you are running, here are some ways of avoiding attacks –

• Update Your Antivirus

Keeping your security systems up-to-date and maintaining a strong firewall can keep all kinds of security threats at bay. If you don’t have one installed yet, install now!

• Avoid Pop-up Blockers

Pop-up boxes are a prime tactic used by hackers to gain access to your computer system. The buttons within the pop-up boxes might be already reprogrammed. So avoid clicking on one. If the pop-up box appears below in your computer screen, simply click on the X button.

• Ignore Anonymous Emails

If you receive an email sent by someone anonymous, it’s best to ignore it. Do not open any kind of attachment that are not E-scanned or Gmail verified. Another way to identify whether your email sender is real or spam is by checking the spellings. Look out for spelling errors like ‘PayePal’ instead of ‘PayPal’.

You can also check for unusual symbols, spaces and punctuation marks. Example – ‘iTunesCustomer Services’ instead of iTunes Customer Services.

Avoid clicking on any malicious bad links in emails and social sites and chats like Facebook, Twitter, Skype, Whatsapp, etc.

Enterprises can use email monitoring methods that would protect the system from email spoofs.

• Apply Patches

Regular patches of unsupported versions like Vista, XP, Server 2003 and 2008 are not available. You can prevent threats by upgrading the regular patches.

You can apply patches released by Microsoft under the Microsoft Security Bulletin 2017 MS17 – 010 as on March 2017.

In case, if the patches are unavailable, then CERT advises to keep the system in isolation. Users can download the patches in a USB or CD and later apply it to connect back the system to the network.

You can visit the CERT website for any kind of guidance in technical measure.

• Follow Software Restriction Policies

In order to prevent the execution of malware threats

Tips to follow – If you are a Victim of the Ransomware Attack?

1. Immediate Disconnect the Internet and Turn off the PC

Disconnect your internet connection and turn off your PC to avoid any project related data from getting transmitted into the hand of the hackers. Malware is reported to spread quickly through LAN.

2. Use Anti-Ransomware Cleanup Tools

Today’s antivirus programs are better tuned and can block any suspicious ransomware activity by watching for specific variant action. An anti-ransomware tool will also make sure that your system is free of infection before the infected data is restored.

You can visit the CERT website to look up the recommended disinfected tools or here is a list of names of some of the best anti-ransomware cleanup tools –

• Trend Micro lock screen ransomware tool
• AVG’s ransomware decryption tool
• BitDefender anti-ransomware
• Avast anti-ransomware tool
• Kaspersky anti-ransomware tool

   

   

3. Alert Authorities

You can immediately alert the law-enforcement agencies about the incident so that they can help you by doing the needful. You can call on 1800-11-4949 or email at incident.cert-in.org.in.

4. Do Not Use AMMY ADMIN

Latest reports inform that Ammy Admin website is the latest shelter of Ransomware. Therefore, it’s best to avoid desktop sharing through Ammy Admin.

Most Important of All

5. Do Not Pay Any Ransom!

This is strongly advised by CERT since there is no guarantee that your data would be handed over to you even after you have paid the ransom. Besides, this will only help to fuel the propagator’s intention further.

Conclusion

Effective defense against Ransomware ultimately hinges on education. Users and Businessmen should therefore take time to learn more about backups and software updates. In addition to this, staying updated about how things are progressing towards stopping the virus completely is important.

For the time-being the spread of the virus has been slowed down. But the country’s set-back in economic and health sectors have led us to ask – “Can we stop the Ransomware Spread soon?”