The WannaCry-ransomware cyber-attacks

The WannaCry ransomware attack (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is an ongoing cyber-attack of the WannaCry ransomware computer worm targeting the Microsoft Windows operating system. The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency Bitcoin in 28 languages. The attack has been described by Europol as unprecedented in scale.

The ransomware takes over users’ files, demanding $300 (£230) to restore them.

The White House said on Monday that under $70,000 (£54,000) had been paid in total in a bid to get any locked data released.

The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain’s National Health Service (NHS), FedEx, Deutsche Bahn, and LATAM Airlines. Other targets in at least 99 countries were also reported to have been attacked around the same time.

Like previous ransomware, the attack spreads by phishing emails, but also uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA) to spread through a network which has not installed recent security updates to directly infect any exposed systems. A “critical” patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, but many organizations had not yet applied it.

Those still running exposed older, unsupported operating systems were initially at particular risk, such as Windows XP and Windows Server 2003, but Microsoft has now taken the unusual step of releasing updates for these.

Shortly after the attack began, a web security researcher who blogs as “MalwareTech” accidentally found an effective kill switch, registering a website that was mentioned in the code of the ransomware. This slowed the spread of infection, but new versions have now been detected that lack the kill switch.

Wana_Decrypt0r_screenshot
This is a screenshot of a ransom note from an infected system.

Computer giant Microsoft said the attack, which has affected hundreds of thousands of computers, should serve as a wake-up call.

wannacry ransomware
This image illustrates the situation on Monday 15th May 2017.

Who is behind the attack?

This won’t take long. Nobody knows. Europol’s Jan Op Gen Oorth said: “A bit early to say… but we are working on a decrypting tool”.

Associated Press quoted Tim Wellsmore, of US security firm FireEye, as saying: “We expect this is a small operation… They just happened to hit the mother lode.”

Russian President Vladimir Putin said: “Russia has absolutely nothing to do with it.”

This is what you should do to prevent being a victim:

Refrain from clicking on attachments and links in your  emails that you have no clue of their origin.

Also many organisations had failed to keep their systems up to date, allowing the virus to spread, so if you run an organization or are in charge of system analysis and administration, this cyber-attack should motivate you enough to upgrade your system to the recommended and safer versions.

It also seems that the wannacry ransomware had a lucrative weekend; first, a ransomware debilitates normal computer use until a user pays a ransom.

Wanna Cry, like most ransomware not targeted at mobile devices, encrypts files and charges for the decryption key. Victims are instructed to pay via bitcoins, an electronic currency that is hard to track.

But while bitcoins make it hard to link an account with an account’s owner, all transactions are public. It is possible to look at how much money any account receives in real time.

A single bitcoin is worth around $1,750 (today its down to $1,678.55)

The three accounts known to be used by Wanna Cry made 5.78 bitcoin Friday, 9.67 bitcoin Saturday, 5.50 bitcoin Sunday and more than 12 bitcoin Monday a little before 9:30 a.m. In total, victims have paid more than $57,000.
They will probably get more if the malware spreads to what is has currently.

Wanna Cry Ransomware Guidelines to stay safe :

  • Be careful to click on harmful links in your emails.
  • Be wary of visiting unsafe or unreliable sites.
  • Never click on a link that you do not trust on a web page or access to Facebook or messaging applications such as WatSab and other applications.
  • If you receive a message from your friend with a link, ask him before opening the link to confirm, (infected machines send random messages with links).
  • Keep your files backed up regularly and periodically.
  • Be aware of fraudulent e-mail messages that use names similar to popular services such as PayePal instead of PayPal or use popular service names without commas or excessive characters.
  • Use anti virus and Always make have the last update.
  • Make sure your windows have the last update close the gap.

Find out more on how to stay and [su_button url=”https://answers.microsoft.com/en-us/windows/forum/windows_10-security/wanna-cry-ransomware/5afdb045-8f36-4f55-a992-53398d21ed07″ target=”blank” style=”flat” background=”#636252″ color=”#ffffff” size=”5″ center=”yes” radius=”5″ icon=”icon: code” icon_color=”#ffffff” text_shadow=”0px 0px 0px #cccccc”]be safe here[/su_button]

kivuti kamau

Data Modelling, Design & Development

Press ESC to close