Home > Blogs > Everything You Need To Know About WannaCry
On Friday, May 12th, 2017, a ransomware called WannaCry affected around 3 lakh Windows devices across 150 countries worldwide. Once on the system, the ransomware encrypted files and demanded a ransom to be paid via bitcoins to send the decryption key to the user.
Among the 3 lakh infected computers were systems crucial to the operations of organizations like the UK’s National Health System, Germany’s rail system, Russia’s Central Bank, the Nissan and Renault factories, Fedex, and Telefonica.
How WannaCry works
NSA had discovered and exploited a vulnerability in the Windows’ Server Message Block (SMB) and didn’t report it to Microsoft. That vulnerability, along with several others, was released by a group called the ShadowBrokers earlier this year. WannaCry exploited the same vulnerability to build the ransomware.
However, WannaCry had a kill switch that was discovered by a company called Malware Tech. The program pinged a static domain and would lock the victim’s files if it didn’t receive a response from the domain. Malware Tech purchased the domain and prevented tens of thousands of computers from becoming infected by the ransomware.
Who did it?
The source of the ransomware is still unknown. Although since May 12, variations of WannaCry have already made their rounds. It is feared that more intelligent cybercrime organizations could improve on the code and send out further attacks.
How to prevent the attack
- Since ransomeware is usually spread through social engineering, users need to be careful while opening attachments or clicking on download links from unknown senders.
- Additionally, Microsoft has released patches to secure the vulnerability, even for unsupported, older versions of Windows.
- Using Antivirus Software, maintaining system and file backups, and keeping all systems up to date also help prevent such attacks.
- Enable firewall and disable SMBv1 ports on your machine
What to do if you are affected
Should you pay? Definitely not! A shortcoming of WannaCry is that it does not know how to track who has made payments to the bitcoin account listed in the payment instructions. It means that paying the ransom does not guarantee that victims will get their files back.
The best course of action is to restore your operating system from the most recent backup. You could also use malware removal tools. Though these will not return the encrypted files, they will remove the existing malware.
India was said to be among the countries worst affected by the attack. An initial analysis by anti-virus provider Kaspersky revealed that five percent of all affected systems were in India. Governments should treat the cyberattack as 'wake-up call' and treat cybersecurity with the utmost priority. It won’t be long before a more disruptive version of the malware is released into the cyberspace – the consequences of which could be much more disastrous. Let us hope we are better prepared ‘when’ it does happen.