A Comprehensive Answer to the Frequently Asked Question “What is WannaCry Ransomware?”
In the last decade, cybercrime has become more sophisticated. Most individuals pay little attention to cybercrime and assume that only corporations and businesses are targets. Ransomware is a prevalent form of malware, or malicious software, used by criminals. Many people ask: what is WannaCry?
Ransomware is a form of malware that encrypts your sensitive data so that you cannot access your computer or the data. The hackers demand a ransom in exchange for the decryption keys. This form of malware is called crypto-ransomware. WannaCry targets the Microsoft Windows operating system: it encrypts your data, then demands a ransom in Bitcoin.
What is WannaCry?
In May 2017, the ransomware spread through numerous computer networks globally, affecting over 300,000 computers in more than 150 countries. Windows users’ files were encrypted, and the hackers demanded a ransom in Bitcoin. WannaCry hit various high-profile systems, such as those of Britain’s NHS (National Health Service).
The ransomware exploited a vulnerability in the Windows OS that might have been discovered by America’s NSA (National Security Agency). The NSA did not report the vulnerability when they discovered it. Instead, they developed exploit code known as EternalBlue. A group of hackers called the Shadow Brokers stole this code and released it in a political post on Medium on April 8, 2017.
Microsoft had discovered the vulnerability a month before and released a security patch. However, most people had not updated their systems, so they were vulnerable to WannaCry, which began its assault on May 12.
How does WannaCry work?
WannaCry spreads by exploiting a vulnerability in the Windows SMB (Server Message Block) protocol. This protocol allows communication between Windows computers on a network. Specially crafted packets might trick Microsoft’s SMB implementation into inadvertently executing the cybercriminal’s code.
WannaCry has four parts:
- The Double Pulsar dropper, which is a self-contained program that extracts the rest of the parts
- An app that encrypts and decrypts data
- Documents with encryption keys
- A copy of Tor, which is an open-source software program that enables anonymous communication
The Kill Switch
If a computer is infected, WannaCry does not encrypt data immediately. It first tries to access a long URL that does not make any sense. If it can access that domain, WannaCry shuts down. This check is referred to as the WannaCry Kill Switch.
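Because of the check described above, any machine that looks up the kill-switch domain has run the malware, which gives defenders a simple way to find affected hosts. The following is an added example, not part of the original article: it triages constructed resolver log lines. The log format, the placeholder domain and the use of the DNS answer as a stand-in for "the domain was reachable" are assumptions.

```python
"""Triage resolver logs for hosts that looked up the kill-switch domain."""
from collections import defaultdict

# Placeholder, NOT the real indicator: substitute the domain from your threat intel.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample lines. Assumed format: timestamp client_ip query_name rcode
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 killswitch-placeholder.example NXDOMAIN
2017-05-12T09:14:05Z 10.0.4.22 www.example.org NOERROR
2017-05-12T09:20:41Z 10.0.4.31 KillSwitch-Placeholder.example. NOERROR
2017-05-12T09:21:10Z 10.0.4.17 killswitch-placeholder.example NXDOMAIN
2017-05-12T09:25:33Z 10.0.7.8 killswitch-placeholder.example SERVFAIL
malformed line without enough fields
"""


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: verdict} for every host that queried the domain.

    "resolved": at least one lookup succeeded, so the domain check could pass
    and the sample would shut down. The host still ran it and needs cleanup.
    "unresolved": every lookup failed, so the check did not stop the sample.
    """
    target = normalize(domain)
    rcodes = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, qname, rcode = fields
        if normalize(qname) == target:
            rcodes[client].add(rcode.upper())
    return {
        client: "resolved" if "NOERROR" in seen else "unresolved"
        for client, seen in rcodes.items()
    }


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(host, verdict)
```

Hosts reported as "unresolved" are the first to isolate, since the shutdown check never passed for them.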
Once WannaCry infects your Windows computer, it goes through some steps. Once executed, the ransomware determines the availability of the kill switch. If it is not available, WannaCry does not encrypt the computer but still tries to spread to other online computers and through the local networks. If the kill switch is available, the ransomware encrypts all the information on the computer.
Computer owners are asked to pay a $300 ransom in Bitcoin within three days. Some will ask for $600 in Bitcoin in seven days. In most cases, security experts advise victims not to pay the ransom. This is because most of these attackers never decrypt the data, and they probably do not know how to.
1. Update your operating system and software regularly
WannaCry was able to attack so many people because they had not updated their operating systems. If you update your OS regularly, you will benefit from the security patches released by Microsoft.
2. Avoid suspicious links
Do not open any email attachments you are unsure about. Do not click on links within emails either. That is how you launch the ransomware. If an attachment requires you to enable macros to view it, do not open it; delete it.
3. Do not download anything from untrusted sites
Downloading files from untrusted and unknown sites increases your chances of a ransomware attack. Only download files from trusted sites and apps from the official Microsoft store.
4. Avoid the use of unknown USBs
Avoid inserting USBs or any external storage devices from unknown sources into your computer. They could be infected with ransomware.
5. Use a VPN
When using public or unsecured Wi-Fi, use a VPN (Virtual Private Network). The VPN protects you from malware risks and other attacks.
6. Back up data
Regularly back up data via cloud storage or an external storage drive. If you are attacked by ransomware, your data will be safely backed up. However, once you back up your data, disconnect the hard drive to prevent it from getting infected.
Vigilance is needed, but it also helps to take precautions against ransomware. The victims could have easily avoided WannaCry had they updated their systems as advised. Most people tend to ignore updates and postpone them, which is dangerous because it exposes you to all forms of attack.