In past few hours, thousands of computers around the globe were hit by a ransomware attack. It seems to be the most massive ransomware delivery campaign to date.
This massive ransomware has been identified as a variant of WannaCry ransomware. WannaCry is also known as ‘Wana Decrypt0r,’ ‘WannaCryptor’ or ‘WCRY’. It encrypts the files and request for $600 in Bitcoin. This tool is designed to target multiple countries. This is the reason they have given the option to translate the message in different languages.
Up to 50% off - SpeakersUp to 60% off - Speakers on Amazon sale
It is worth to note that there is a counter and the payments will be raised after a specific countdown.
To make sure users’ do not miss the warning, it also changes the wallpaper with instructions on how to find the decryptor tool dropped by the malware.
This attack became successful because it is leveraging a Windows exploit harvested from the NSA called EternalBlue. This Windows Exploit is capable of penetrating machines running unpatched Windows XP through 2008 R2. This exploit was leaked on the Internet through the Shadowbrokers dump on April 14th, 2017 and now hackers are using it.
Microsoft has already released a patch for this vulnerability in March. But many organizations who did not patch the system and are under the big risk.
This ransomware uses the known Windows Exploit to infect a computer. It initiated through an SMBv2 remote code execution in Microsoft Windows. Once a computer in your organization is hit by the WannaCry ransomware, it looks for another computer to attack and infect.
In just a few hours, this ransomware targeted over 45000 computers in 74 countries including United States, Russia, Germany and much more. Later Avast reported that the attack has targeted 99 countries with 75,000 cases of the ransomware cases.
How To Protect Yourself From WannaCry Ransomware
As I already said, it is using the known Windows Exploit and Microsoft already released the patch to fix this. So, you should update patch your Windows system is running on vulnerable version of Windows. Install Microsoft updates right now and never ignore any future Microsoft updates.
You should also start keeping a backup of your important files to protect your important data. The ransomware encrypts important data and asks for ransom to give you decryption key.
Start using a good Antivirus to make sure your system is protected from known viruses and malware. Avoid downloading any software from suspicious websites and clicking on anonymous links. Avoid opening email attachments from unknown senders.