The concept of ransomware is not new, but WannaCry is by far the most popular ransomware ever. Within 2 days, the malware infected over 200,000 computers in more than 150 countries.
So, what exactly is WannaCry?
How does it impact me?
How can I prevent it?
Well, here is everything you need to know about WannaCry in simple English.
What is WannaCry Ransomware?
It’s a program that encrypts all the files on your computer and then shows you a popup asking for a lot of money (usually $300-600). If you get this on your system, you may want to cry, hence the name. It is also sometimes referred to as WannaCryptor or WCry.
And since the attackers ask for the ransom in Bitcoin (which can easily be made untraceable), there is no way to track the culprit.
Note: You can still use your machine even if it’s encrypted by WannaCry. Your data is probably gone, but once you format your drive, you are good to go.
Image credit: Talos, who has explained the technical aspect of WannaCry in detail.
How much is the ransom amount?
WannaCry demands a ransom of $300 in bitcoins. If the user doesn’t pay the ransom within three days, the amount doubles to $600. And if you don’t make the payment within seven days, WannaCry will delete all of the files. There is no way to get the data back after that.
Why did WanaCrypt ransomware spread so quickly?
As I said earlier, ransomware is not new. Microsoft detected this back in March 2017 and released a patch at the same time for vulnerabilities in SMBv1. However, these patches were for fairly recent versions of Windows, such as Windows 7, 8, 10 or Windows Server 2008, etc.
If you keep your Windows updated, chances are you already have the patch.
However, there are many organizations, like government hospitals and old businesses, running older and unsupported versions of Windows such as Windows XP and Windows 3.0. Since Microsoft no longer supports these versions, patches were not released for them.
Who is infected?
Anybody who is running Windows on their computer, both the consumer and server versions. But since Microsoft released patches back in March, most home users are safe from WannaCry (provided they have installed the updates).
The big majority of people infected by WannaCry are those running an older version of Windows like Windows XP. These are usually government hospitals and old businesses that haven’t updated their systems for ages. And trust me, there are a lot of them all over the world.
Also, from the hackers’ point of view, it makes sense to target businesses rather than home users, since businesses have far more valuable data that they will be willing to pay to get back.
For instance, here in India, according to Live Mint, 120 Gujarat government computers were affected by the WannaCry virus.
Image Credit: Countries initially affected in WannaCry ransomware
What is the WannaCry kill switch?
You might have heard people saying: ‘A kill switch is slowing the spread of WannaCry ransomware’.
Well, a kill switch is a piece of code in software that, when activated, will kill the program. According to this PCWorld article:
Wana Decryptor infects systems through a malicious program that first tries to connect to an unregistered web domain. The kill switch appears to work like this: If the malicious program can’t connect to the domain, it’ll proceed with the infection. If the connection succeeds, the program will stop the attack.
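The behaviour quoted above gives defenders a triage signal: any machine that looked up the kill-switch domain has already run the program, and a failed lookup is the case where it carries on. The following sketch is an added example, not code from this article or from PCWorld, and it sorts hosts on that basis. The domain is a placeholder (the article does not give the real one), the resolver log format and sample lines are constructed, and DNS resolution is used as a stand-in for "the connection succeeded".

```python
from collections import defaultdict

# Placeholder: the article does not name the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log: "<time> <client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
2017-05-13T09:14:02Z 10.0.4.17 killswitch-placeholder.example. NXDOMAIN
2017-05-13T09:14:05Z 10.0.4.22 update.vendor.example. NOERROR
2017-05-13T09:20:41Z 10.0.7.3 KILLSWITCH-PLACEHOLDER.example. NOERROR
2017-05-13T09:31:10Z 10.0.4.17 killswitch-placeholder.example. NOERROR
malformed line without enough fields
2017-05-13T09:40:00Z 10.0.9.9 killswitch-placeholder.example. SERVFAIL
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: verdict} for every client that queried the domain.

    Assumption: a non-NOERROR answer means the program could not reach the
    kill switch, which per the quoted behaviour means it proceeds.
    """
    target = domain.rstrip(".").lower()
    answers = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        _, client, qname, rcode = parts
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.rstrip(".").lower() == target:
            answers[client].append(rcode.upper())

    verdicts = {}
    for client, rcodes in answers.items():
        if any(rc != "NOERROR" for rc in rcodes):
            # The lookup failed at least once: treat as the worst case.
            verdicts[client] = "isolate-first"
        else:
            # The switch was reachable, but the program still ran here.
            verdicts[client] = "investigate"
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(host, verdict)
```

The same reasoning explains why the kill-switch domain should stay reachable from inside the network: blocking it at the resolver or firewall turns every lookup into the failure case.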
Where does it come from?
There is no fixed way to find that out yet. But security researchers from both Kaspersky and Symantec said that early versions of the WannaCry code are similar to the code used in a 2015 backdoor created by government-linked North Korean hackers.
Is the attack over?
No. And there is no confirmed fix for WannaCry available yet.
BleepingComputer has a detailed guide on how to remove WannaCry. But there is no confirmation of how effective this method is. In their own words:
This guide, though, will not allow you to decrypt your files for free. This is currently impossible. I will provide steps that you can use to possibly recover files (slim chance, unfortunately) and methods you can use to protect your computer from ransomware in the future.
What can you do to prevent it?
There is still no way to decrypt the data. So, if your computer is infected, there is not much you can do. It’s advisable not to pay the ransom, because even if you pay, there is no guarantee you will get the data back.
Also, lock down your infected machines. Make sure they are not connected to your network and don’t use them for anything. WannaCry is a worm, which means it spreads from one computer to another on its own.
For everybody else, here are a few things you can do:
1. Back up your data
Create multiple backups of your important data. Keep one on an external hard drive and upload another copy to the cloud. Do note that data on a server can also be encrypted by WannaCry, so have more than one physical copy.
2. Update your Windows
Always keep your Windows system updated with the latest security patches.
3. Use common sense
Don’t click on email attachments from people you don’t know or download shady stuff from torrents.
4. Use Malwarebytes
Usually, I’m not a big fan of antivirus, but if the computer is operated by not-so-tech-savvy people, then having a good antivirus makes sense.