WannaCrypt, WannaCry or WannaCrypt0r 2.0 is a type of malicious software program called ransomware that targeted a known vulnerability to infect and encrypt the contents of Windows PCs around the globe. This attack affected over 100,000 machines in over 100 countries in under 24 hours, hitting individuals and high-profile organisations including the NHS. The attack could have had much more serious consequences had it not been for the quick thinking of a researcher who stopped the threat spreading simply by registering a domain name!
Ransomware is a piece of malicious software, or malware, that blocks access to a computer or its files and demands payment for release. Criminals don’t always play by the rules, so access to data is not guaranteed, even after paying the ransom. Ransomware is typically triggered when a user opens an email containing a malicious attachment such as a PDF or Microsoft Office document.
WannaCrypt is a game-changer!
WannaCrypt is different from traditional forms of ransomware because it can replicate itself and spread to other machines on the computer network, making WannaCrypt a hybrid ransomware/worm program. The infection spreads via the SMB (Server Message Block) protocol, which Windows machines use to communicate with file servers over a network. An infected machine will then spread the malicious program to other at-risk devices.
Once a machine is infected, the WannaCrypt installer extracts a resource in a password-protected zip file (wary.zip) which contains the executable ransomware files. WannaCrypt will also download a TOR client that it uses to communicate with the WannaCrypt servers.
What does WannaCrypt do?
The malicious program encrypts most of the files on a machine, and then a payment demand appears on the screen. The criminal gang behind WannaCrypt request $300 in Bitcoin. Upon payment, you will receive a decryption key. The figure doubles to $600 if they haven’t received payment within three days. Access to files may be lost forever if payment still hasn’t been made within a week.
How to avoid the threat of WannaCrypt and other Ransomware threats
As mentioned earlier in the article, WannaCrypt targets a particular vulnerability within the Windows Operating System. There is, however, a high probability that other vulnerabilities will become exposed and exploited within the coming days, weeks, months and even years. Here are some tips to help you, your family and colleagues avoid falling victim to cyber crime.
- Delete any suspicious emails immediately, or if one is from a known source, call the person to confirm they sent it
- Never forward such emails to colleagues
- Never click on an attachment in a suspicious email
- Alert your IT department if you receive a suspicious email
- Keep anti-virus and anti-spam software up-to-date
- Keep Windows Operating System software up-to-date
- Ensure that you have email and web security that can block malicious emails and malware Command & Control server communications
- Keep essential software up-to-date to the latest version
What to do if you have a ransomware problem
If you have fallen victim to WannaCrypt or any form of ransomware, do the following:
- Pull the power lead from your machine immediately
- Inform a member of your IT team or your line manager
Security incidents such as WannaCrypt can strike at any time. Therefore it is important to maintain a regular backup schedule as part of your wider Disaster Recovery strategy.
The National Cyber Security Centre (NCSC) has released a statement with guidance and more information regarding the attack.
About Network ROI
Network ROI is a Managed Service Provider based in Scotland with skilled technical engineers throughout the UK.
As a Cyber Essentials and IASME certified company, we help organisations improve the security of their internal networks and reduce the likelihood of outside threats.
If you are worried about WannaCrypt or any other form of cyber crime, call us on 0131 510 3456 or fill out the form below and a member of our team will be in touch soon.