The internet has its good and bad sides, and we have to be extra careful not to fall into the claws of hackers or attackers. This can happen when buying online, when your account gets hacked, or when your files get “kidnapped”: your files are encrypted and the attacker demands that you pay a certain amount to get them decrypted. In this article, we will talk about a ransomware that to date has infected more than 230,000 computers in 150 countries and has raised more than $50,000,00.
The WannaCry ransomware attack (WannaCrypt, WannaCrypt0r 2.0, Wanna Decryptor) is an ongoing cyber-attack by the WannaCry ransomware computer worm, targeting Microsoft Windows operating systems. The Shadow Brokers first appeared in April 2016, publishing leaks containing National Security Agency (NSA) hacking tools, including some zero-day exploits that exploited vulnerabilities in firewalls, Windows systems, and antivirus systems.
A zero-day vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.
To get your files decrypted, you must pay a ransom in bitcoin, which is a cryptocurrency (digital currency).
The most attacked organizations are Telefonica, a Spanish broadband and telecommunications provider with operations in Europe, Asia, and North, Central, and South America; other large companies in Spain; and parts of Britain’s National Health Service (NHS), FedEx, Deutsche Bahn, and LATAM Airlines. Later reports put the number of affected countries at more than 150.
This ransomware uses some known methods and some new ones used by the NSA. The attack methods are:
Phishing: used in emails and messaging, where the attackers try to steal your email, password, or credit card details for malicious purposes by creating a duplicate of a website that is known to the victim. When the victim enters their information, it is sent to the attacker.
EternalBlue: believed to have been developed by the NSA, it exploits a vulnerability (CVE-2017-0144) in Microsoft’s implementation of the Server Message Block (SMB) protocol. The update on 14 March 2017 resolved the issue via security update MS17-010 for all currently supported Windows versions: Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016. Operating systems that have reached end of life (Windows XP, Windows Server 2013, Windows 8) are potential victims of this attack, and Microsoft decided to create a new patch for these versions.
DoublePulsar: a backdoor developed by the NSA, used to spread through the network and infect computers that lack the patch from 14 March 2017.
These 3 attack methods work together to find vulnerabilities on systems that have not applied the patch from 14 March.
For those of you who are using Linux, consider yourself lucky, because the ransomware doesn’t work on your system.
If you are using Windows, make sure that your system is always updated, because the ransomware is always being changed and updated by the attackers. Linux users don’t need to worry. One of the advantages of using Linux is that instead of having one company patching one vulnerability, you have a community.
Leave your thoughts and let us know if anyone you know is a victim of the WannaCry ransomware.