Monday, May 15, 2017

WannaCry: What is ransomware and what you need to Know



  1. -WannaCry is a ransomware program targeting Microsoft's Windows operating system. Ransomware is a kind of cyber-attack where hackers can take control of your computer, and keep you from using it or accessing your data until you make a payment to the hackers. If you don't, they can even delete everything.
  2. -On Friday, a large-scale cyber-attack was launched, affecting computers in 150 countries, and in less than a day, researchers observed 57,000 infections.
  3. -The hackers demanded payments of $300 to $600 which were to be paid using Bitcoins. The British NHS, international shipper FedEx, telecommunications company Telefonica and others were among the targets. 
  4. -Software security companies said a ransomware worm called "WannaCry" infected about 200,000 computer systems in 150 countries on Friday, with Russia, Ukraine, and Taiwan being the top targets
  5. -The hackers likely made WannaCry using a piece of NSA code released last month by a hacking group known as the Shadow Brokers, according to security researchers. The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency.
  6. -Brad Smith, Microsoft's president and chief legal officer, said in a blog post Sunday that it was in fact the NSA that developed the code being used in the attack. He warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers - not sell, store or exploit them, lest they fall into the wrong hands.
  7. -Cyber security researchers from Symantec and Kaspersky Lab have said that some code in an earlier version of the WannaCry software had appeared in programmes used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation.
  8. -Infected computers appear to largely be out-of-date devices that organisations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.
  9. -Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
How it works:

  1. -WannaCry is a form of ransomware that locks up files on your computer and encrypts them in a way that you cannot access them any more.
  2. -It targets Microsoft's widely used Windows operating system.
  3. -When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300.
  4. -The pop-up also features two countdown clocks; one showing a three-day deadline before the ransom amount doubles to $600; another showing a deadline of when the target will lose its data forever.
  5. -Payment is only accepted in bitcoin.
  6. -The ransomware's name is WCry, but analysts are also using variants such as WannaCry.

How it spreads:

  1. -Ransomware is a programme that gets into your computer, either by clicking or downloading malicious files. It then holds your data as ransom.
  2. -Some security researchers say the infections in the case of WannaCry seem to be deployed via a worm, spreading by itself within a network rather than relying on humans to spread it by clicking on an infected attachment.
  3. -A number of hospitals operated by Britain's National Health Service (NHS) were hit by the ransomware cyberattack, causing failures to computer systems [Will Oliver/EPA]
  4. -The programme encrypts your files and demands payment in order to regain access.
  5. -Security experts warn there is no guarantee that access will be granted after payment.
  6. -Some forms of ransomware execute programmes that can lock your computer entirely, only showing a message to make payment in order to log in again.
  7. -Others create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.
Where it has spread:

  1. -Researchers with security software maker Avast said Russia, Ukraine, and Taiwan were the top targets of the attack, but dozens of other countries also reported system infections.
  2. -James Scott, from the Washington DC-based Institute of Critical Infrastructure Technology, said ransomware emerged "as an epidemic" back in 2016. He said the healthcare sector was particularly vulnerable because of poor digital security knowledge.
  3. -"The staff have no cyber-hygiene training, they click on phishing links all the time. The sad thing is they weren't backing up their data properly either, so that's a big problem. They should be doing that all the time," Scott told Al Jazeera.
  4. -"Everyone's vulnerable right now because you're only as strong as your weakest link within your organisation from a cyber-perspective."

What can you do to prevent infection:

According to Microsoft's Malware Protection Center, here are the steps you should take to protect yourself against ransomware:

  1. - Install and use an up-to-date antivirus solution (such as Microsoft Security Essentials)
  2. - Make sure your software is up-to-date
  3. - Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with
  4. - Ensure you have smart screen (in Internet Explorer) turned on, which helps identify reported phishing and malware websites and helps you make informed decisions about downloads
  5. - Have a pop-up blocker running on your web browser
  6. - Regularly backup your important files

Source: Al Jazeera, Reuter and news agencies

0 comments:

Post a Comment

Copyright © 2014 My Engineers | Designed With By Blogger Templates
Scroll To Top