WannaCry is a ransomware strain that infected the National Health Service (NHS) and other organizations worldwide, including government institutions in China, Russia, the US, and most of Europe. India was one of the countries worst affected by the WannaCry attack.
NHS England also suffered a massive ransomware attack, which resulted in the cancelation of certain patient operations.
Once a Windows machine is infected, WannaCry encrypts files on the PC's hard drive, preventing users from accessing them, and demands a ransom payment in bitcoin to decrypt them.
A number of factors made the initial spread of WannaCry particularly noteworthy: it hit a series of major high-profile systems, including numerous systems in the UK's National Health Service, and it exploited a Windows vulnerability suspected to have been first found by the US National Security Agency.
WannaCry searches for and encrypts files in a wide range of major formats, from Microsoft Office documents to MP3s and MKVs, so that they are not available to the user. It then displays a ransom notice, which demands $300 in Bitcoin to decrypt the files.
How Does WannaCry Infect PCs
WannaCry's attack vector is more interesting than the ransomware itself. The vulnerability WannaCry exploits lies in the Windows implementation of the Server Message Block (SMB) protocol.
The SMB protocol allows different network nodes to communicate, and Microsoft's implementation could be tricked by specially crafted packets into executing arbitrary code.
The US National Security Agency is believed to have discovered this vulnerability and, rather than reporting it to the infosec community, developed code to exploit it, called EternalBlue.
The exploit was in turn stolen by a hacking group called the Shadow Brokers, which released it on 8 April 2017 in an apparently political Medium post.
Microsoft itself had discovered the vulnerability a month previously and released a patch, but many systems remained vulnerable, and WannaCry, which used EternalBlue to infect computers, started spreading quickly on May 12.
Following the outbreak, Microsoft slammed the US government for not sharing its knowledge of the vulnerability sooner.
WannaCry will not necessarily start encrypting files, even if a PC is successfully infected. This is because, before going to work, it first tries to access an extremely long, gibberish URL.
WannaCry shuts itself off when it can access this domain. The purpose of this functionality is not completely clear. Some researchers thought it was meant to give the malware's creators a way to pull the plug on the attack.
Symptoms That Occur On Your Device Once It Is Affected
- If WannaCry ransomware compromises the system, the system displays a black background with red commands.
- A guide on how to pay the ransom is given to the victim.
- The ransomware encrypts data files, making them inaccessible, and adds the .WCRY extension to the end of every locked file.
- The folders that hold encrypted important data may contain unknown files.
Preventive Measures For WannaCry
- Keep your Windows operating system and antivirus up to date.
- Backup your files regularly on an external hard drive.
- Enable File History or System Protection. On Windows 10 or Windows 8.1 devices, you need to have File History enabled and a File History drive set up.
- Use OneDrive for Consumer or for Business.
- Be wary of e-mail, spam, and clicking malicious attachments.
- To get SmartScreen protection, use Microsoft Edge. It helps keep you from browsing websites that are known to host exploits and protects you from socially engineered attacks such as phishing and malware downloads.
- Disable the loading of macros in your Office programs.
- Whenever possible, disable your remote desktop function.
- Use a secure Internet connection with password-protected access.
- Install the most recent patches for the Windows OS. If installing the security patch is not possible, closing port 445 with a firewall may be an alternative option. Outdated OSes are prone to malware infections.
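
Because WannaCry spreads over SMB, which is why port 445 appears in the measures above, a host that suddenly contacts many different machines on that port deserves a closer look. The following is an added example, not part of the original article: it counts distinct port-445 destinations per source inside a sliding time window, and the log format, addresses, window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: "timestamp source destination dest_port verdict".
SAMPLE = (
    # 10.0.0.5 reaches eight different peers on 445 within eight seconds.
    [f"2017-05-12T09:00:{i:02d} 10.0.0.5 10.0.0.{20 + i} 445 ALLOW" for i in range(8)]
    # 10.0.0.7 reaches six peers on 445, but only one per hour.
    + [f"2017-05-12T{9 + i:02d}:30:00 10.0.0.7 10.0.0.{40 + i} 445 DENY" for i in range(6)]
    # 10.0.0.9 talks to a single file server repeatedly, plus one HTTPS flow.
    + [f"2017-05-12T09:01:{i:02d} 10.0.0.9 10.0.0.2 445 ALLOW" for i in range(10)]
    + ["2017-05-12T09:02:00 10.0.0.9 10.0.0.3 443 ALLOW"]
)

def smb_fanout(lines, window=timedelta(seconds=60), threshold=5):
    """Map each source to the most distinct port-445 destinations it contacted
    inside any single window, keeping only sources at or above the threshold."""
    per_source = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or fields[3] != "445":
            continue  # skip malformed lines and non-SMB traffic
        # The verdict is ignored: blocked attempts are as telling as allowed ones.
        per_source[fields[1]].append((datetime.fromisoformat(fields[0]), fields[2]))
    flagged = {}
    for src, events in per_source.items():
        events.sort()
        start = best = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, count in smb_fanout(SAMPLE).items():
        print(f"{src}: {count} distinct SMB peers within 60 s")
```

In practice the threshold should be tuned against normal traffic, since file servers, backup hosts and management tools legitimately contact many SMB peers.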