By now everyone knows that the world is reeling under a ransomware attack called WannaCry. And it is very real.
Ransomware is a sophisticated piece of malware that blocks the victim’s access to his/her files, and the only way to regain access to the files is to pay a ransom. Typically the virus also scrambles the file names, so you can’t know which data was affected. According to experts, this is one of the social engineering tricks used to confuse and coerce victims into paying the ransom.
The malware requests payment in Bitcoins because they are safe and cannot be tracked by cyber security researchers or law enforcement agencies. Now more about WannaCry.
Origin
On Friday, May 12, 2017, around 11 AM ET/3 PM GMT, a ransomware attack of “unprecedented level” started spreading WannaCry around the world. It took advantage of a vulnerability in Windows that allowed it to infect PCs. The infection has affected over 200,000 victim PCs in 150 countries so far.
Called WannaCry or WannaCrypt, the virus has already hit 48 NHS hospitals across Britain. Organizations such as Renault and the NHS were struck and crippled by the attack.
The attackers remain unknown to date.
On March 14 this year, Microsoft released a security update that addressed the vulnerability in the 16-year-old Windows XP operating system, which the hackers behind the massive ransomware attack exploited to create havoc in 150 countries. There are nearly 150 million computers running the Windows XP operating system globally. Those who didn't pay heed to the Windows XP patch are the ones who have fallen prey to the world's biggest ransomware attack.
Judging by the attackers' Bitcoin wallets, they have made $42,000 so far. The victims have been advised not to pay the $300 ransom requested by the hackers, who have threatened to wipe the PCs of those who don't pay up within a given timeframe.
The WannaCry ransomware was halted by MalwareTech, the UK cyber security researcher. He admits to having accidentally stopped the infection by registering a domain name (9iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) that he found in WannaCry’s code, without knowing what its effect would be. The domain turned out to be a kill switch left in the code to stop the ransomware’s propagation.
The worst is not quite over: the virus is set to return in a variant.
A second wave of global infections has also been halted thanks to a new “kill switch” by Matthieu Suiche, the founder of cybersecurity startup Comae Technologies, which has prevented about 10,000 infected machines from propagating the ransomware since it was flipped roughly 24 hours ago.
You must install a fix released by Microsoft to prevent further infections and propagation.
Russians and Koreans are the biggest payers to the global ransomware hackers
How to keep yourself safe - Be careful not to click any malicious-looking link. Most importantly, take backups. Keep all your software up to date. There is a reason companies urge you to update - they frequently release bug fixes.
Microsoft has issued an advisory while releasing a patch for Windows XP. People have to be really aware and vigilant.