
Everything you Need to Know about WannaCry Ransomware

WannaCry ransomware spreads quickly, hitting computers in 99 countries

What has happened?

On May 12, 2017, a new strain of the Ransom.CryptXXX (WannaCry) ransomware began spreading widely, impacting a large number of organizations, particularly in Europe.

What is the WannaCry ransomware?

WannaCry encrypts data files and asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

What is ransomware?

Malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it.

Where did ransomware originate?

The first documented case appeared in 2005 in the United States, but quickly spread around the world.

How does it affect a computer?

The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music

How can you protect yourself?

Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection

How much are victims expected to pay?

The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back

The NHS was thrown into chaos on Friday night after hackers demanding a ransom infiltrated the health service’s antiquated computer system.

Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.

Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.

Medics described how computer screens were “wiped out one by one” by the attack, which had last night spread to companies worldwide, including in the US, Germany, China and Russia.

A massive cyber-attack using tools believed to have been developed by the US National Security Agency has struck organisations around the world.

How big is the attack?

There have been reports of infections in 99 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.

Cyber-security firm Avast said it had seen 75,000 cases of the ransomware – known as WannaCry and variants of that name – around the world.

“This is huge,” said Jakub Kroustek at Avast.

Who has been affected?

The UK’s National Health Service (NHS) has been hit and screenshots of the WannaCry program were shared by NHS staff.

Hospitals and doctors’ surgeries were forced to turn away patients and cancel appointments. One NHS worker told the BBC that patients would “almost certainly suffer and die” as a result.

Some reports said Russia had seen more infections than any other single country. Russia’s interior ministry said it had “localised the virus” following an “attack on personal computers using Windows operating system”.

People tweeted photos of affected computers including a local railway ticket machine in Germany and a university computer lab in Italy.

WannaCry encrypts files with the following extensions, appending .WCRY to the end of the file name:

  • .lay6
  • .sqlite3
  • .sqlitedb
  • .accdb
  • .java
  • .class
  • .mpeg
  • .djvu
  • .tiff
  • .backup
  • .vmdk
  • .sldm
  • .sldx
  • .potm
  • .potx
  • .ppam
  • .ppsx
  • .ppsm
  • .pptm
  • .xltm
  • .xltx
  • .xlsb
  • .xlsm
  • .dotx
  • .dotm
  • .docm
  • .docb
  • .jpeg
  • .onetoc2
  • .vsdx
  • .pptx
  • .xlsx
  • .docx
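The renaming pattern above can be used for triage of a file listing. The following is an added example, not code from the original article: it flags names where one of the listed extensions is followed by .WCRY and reports directories where such names cluster. The sample paths and the threshold of 3 are constructed assumptions.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Extensions from the list above, lower-cased for comparison.
TARGETED = set("""
.lay6 .sqlite3 .sqlitedb .accdb .java .class .mpeg .djvu .tiff .backup .vmdk
.sldm .sldx .potm .potx .ppam .ppsx .ppsm .pptm .xltm .xltx .xlsb .xlsm
.dotx .dotm .docm .docb .jpeg .onetoc2 .vsdx .pptx .xlsx .docx
""".split())
MARKER = ".wcry"  # the appended extension, compared case-insensitively


def is_wcry_renamed(path):
    """True if the file name ends in <targeted extension>.WCRY."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] == MARKER
            and suffixes[-2] in TARGETED)


def triage(paths, threshold=3):
    """Count renamed files per directory and return the directories at or
    above `threshold` (an assumed cut-off: one stray name is weak evidence,
    a cluster in a single directory is a much stronger signal)."""
    hits = Counter(str(PureWindowsPath(p).parent)
                   for p in paths if is_wcry_renamed(p))
    return {d: n for d, n in hits.items() if n >= threshold}


# Constructed sample listing, e.g. the output of a recursive directory walk.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.WCRY",
    r"C:\Users\alice\Documents\plan.docx.WCRY",
    r"C:\Users\alice\Documents\deck.PPTX.wcry",
    r"C:\Users\alice\Documents\todo.txt",
    r"C:\Users\bob\Pictures\cat.jpeg",
    r"C:\Users\bob\Pictures\notes.WCRY",
    r"C:\Shares\db\orders.sqlite3.WCRY",
]

if __name__ == "__main__":
    for directory, count in triage(SAMPLE).items():
        print(f"{count} renamed files in {directory}")
```
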

It propagates to other computers by exploiting a known SMBv2 remote code execution vulnerability in Microsoft Windows: MS17-010.

Who is impacted?

A number of organizations globally have been affected, the majority of which are in Europe.

Is this a targeted attack?

No, this is not believed to be a targeted attack at this time. Ransomware campaigns are typically indiscriminate.

Why is it causing so many problems for organizations?

WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows. Computers which do not have the latest Windows security updates applied are at risk of infection.

Ransomware Using NSA’s Exploit to Spread Rapidly

What’s interesting about this ransomware is that WannaCry attackers are leveraging a Windows exploit harvested from the NSA called EternalBlue, which was dumped by the Shadow Brokers hacking group over a month ago.

Microsoft released a patch for the vulnerability in March (MS17-010), but many users and organizations who did not patch their systems are open to attacks.

The exploit can penetrate machines running unpatched versions of Windows XP through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server. This is why the WannaCry campaign is spreading at an astonishing pace.

Once a single computer in your organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers and infects them as well.

Moreover, make sure that you run an active anti-virus security suite on your system and, most importantly, always browse the Internet safely. Update your system now.

About Jay Kumar Ryan


One comment

  1. Oh my goodness! an amazing article dude. Thank you However I’m experiencing problem with ur rss . Don’t know why Unable to subscribe to it. Is there any person getting identical rss trouble? Any individual who knows kindly respond.
