
8 things you should know about WannaCry Ransomware

The WannaCry ransomware has been in the spotlight around the world in recent days after hitting more than 300,000 computers in over 150 countries. It caused widespread panic, since no one is sure whether they are vulnerable to its attack. The Internet is full of information on WannaCry's attack, but most of it is inconsistent and hard to follow. It is difficult to protect yourself from something you don't understand. With this in mind, we have created a short guide that will help you understand and protect yourself against WannaCry. So, without wasting any more time, let me tell you about the 8 things you should know about WannaCry Ransomware:

What is WannaCry Ransomware?

WannaCry ransomware (also known as WannaCrypt, Wana Decrypt, WCry and WanaCrypt0r) is, as can be deduced from its name, a type of ransomware. Ransomware is basically the digital equivalent of a kidnapper. It takes something of value to you and asks you to pay a ransom to get it back. That something of value is the data and files on your computer. In the case of WannaCry, the ransomware encrypts files on a PC and asks for a ransom if the user wants the files to be decrypted.

Ransomware can be delivered via malicious links or files contained in e-mails or on shoddy websites. WannaCry is the latest addition to a long chain of ransomware that has been used to extort money from people since the 90s.

WannaCry: How is it different from other ransomware?

WannaCry, although a type of ransomware, is not your run-of-the-mill ransomware. There is a reason why it was able to affect such a large number of computers in such a short period of time. Normally, ransomware requires a user to manually click on a malicious link to install itself. Thus, ransomware originally targeted only a single individual at a time.

However, WannaCry uses an exploit in the "Server Message Block" (SMB) protocol to infect the entire network. SMB is a protocol used by a network to share data, files, printers, etc. among the users connected to it. Even if only a single computer on the network is infected by manually clicking on a malicious link, the WannaCry ransomware will scan the host's network and infect all other computers connected to that network.

How the NSA helped create WannaCry Ransomware

The NSA (National Security Agency) is known for maintaining a vault full of exploits that help it spy on people. Technology giants have been at loggerheads with the NSA to get it to release the exploits so they can be fixed to prevent cyber attacks, but to no avail. One such set of exploits was obtained and leaked by a cybercriminal group known as "Shadow Brokers". The leaked cache contained a tool named "EternalBlue", which could use the SMB exploit in Microsoft Windows to transfer files without requiring user authorization.

Although Microsoft released a patch just a few days after the leak, the vast majority of users did not install the patch before the attack started. The creators of WannaCry used this exploit in their ransomware to attack computers around the world. Therefore, by keeping the exploit active and losing it to hackers, the NSA contributed to the creation of WannaCry.

Who is behind the WannaCry Ransomware attack?

Two different technology companies have affirmed the similarity between the WannaCry ransomware and earlier ransomware from 2015 developed by hackers called the "Lazarus Group". The group is believed to be operating out of North Korea and, according to them, is even supported by the North Korean government. The group is widely known for its attack on Sony Pictures and Entertainment in 2014.

Kaspersky Labs and Matthieu Suiche (co-founder of Comae Technologies) have independently written about the similarity of the code between WannaCry and the Lazarus ransomware. Although not yet confirmed, there is a high probability that the Lazarus group and, therefore, North Korea are behind the attacks.

Systems vulnerable to WannaCry attack

One of the reasons why WannaCry has been so successful is the fragmented nature of the Windows ecosystem. Many networks still use versions of Windows, particularly Windows XP and Windows Server 2003, which are obsolete and no longer supported by Microsoft. Since these earlier versions are not supported, they do not receive software patches for newly discovered exploits and are more susceptible to such attacks.

WannaCry's attack has affected a broad spectrum of Windows systems including Windows XP, Windows Vista, Windows 7, Windows 8.1, Windows RT 8.1 and Windows 10. Basically, if you haven't updated and installed the SMB exploit patch on your Windows PC, you're vulnerable to the WannaCry attack.

How much ransom and should you pay?

When WannaCry has successfully attacked your system, you will see a window informing you that your system has been encrypted. It contains a link to a Bitcoin wallet, basically asking you to pay $300 (US) in bitcoin to get access to your data. If you do not pay within 3 days, the ransom is doubled to $600, with the warning that after a week the data will be deleted forever.

From an ethical point of view, one should never give in to the demands of the perpetrators. But, keeping the ethical point of view aside, there is no news of anyone regaining access to their data after paying the ransom. Since you are totally dependent on the attacker's whims, there is no way for you to be sure that you will receive the data after paying the ransom. If you pay the ransom, it will only encourage hackers to make more attacks of this kind, as they have now identified you as someone willing to pay. In conclusion, you should never pay the ransom, no matter what.

The amount of ransom received by hackers

Even after knowing the negative aspects of paying the ransom, many pay it, because they are too afraid of losing their data and hope that the extortionists will keep their word. A Twitter bot was created by Keith Collins, who is Quartz's data/graphics developer. The Twitter bot @actualransom keeps track of the ransom money.

As described, the bot watches 3 wallets hard-coded in the WannaCry ransomware and tweets whenever money is deposited in any of them. Every two hours, it also gives the total amount deposited so far. At the time of writing, over $78,000 has been paid in ransom to the hackers.

Protect your PC from WannaCry Ransomware

Nothing can guarantee complete protection against ransomware unless you become a careful user. There are some basic rules here. Stop downloading software from unverified sites and keep an eye on all your emails. Do not open links or download files contained in an email from an unverified sender. Always check the sender's e-mail address to confirm the origin.

In addition to being vigilant, make sure you create a backup of all important data on your computer if you haven't already. In case your system gets attacked, you can be sure your data is safe. Also, install the latest Windows security updates. Microsoft has released a patch for the SMB exploit even for unsupported versions of Windows such as XP, so install the patch immediately.

There are other ways to protect your PC from ransomware, and you can consult our detailed article on it.

Stay safe from WannaCry Ransomware

WannaCry has caused enormous chaos all over the world, so Windows users are naturally afraid. However, in most cases it is not the platform but the user who is responsible for the success of such attacks. If users follow clean practices such as installing and using the latest version of the operating system, regularly installing security patches and refraining from visiting malicious or shoddy websites, the risk of being attacked by ransomware such as WannaCry is greatly reduced.

I hope the article has left you a little more informed about WannaCry ransomware. If you still have doubts, don't hesitate to ask questions in the comments section below.