What is Ransomware?
Ransomware is a cyber attack by wannacry malware for those computers are connected to the internet. This is mainly targeted on Microsoft Windows Operating Systems by encrypting the user files in a way that can’t access it anymore and demanding some money in the Bitcon crypto currency. The attack was beginning on 12th May 2017 and affected many companies like British hospital and Spanish companies like Telefonica etc. This worm has attacked over 200,000 computers in 150 countries.
How it affects?
Email link and email attachment account for 59% of Ransomware attack. Users are more prone by clicking the links than accessing an infected website. Attackers send the wannacry worm emails to users to ask them to click or download the attached file. When user click the link, or download the files from emails the worm enter the computer.Email link and email attachment account for 59% of Ransomware attack. Users are more prone by clicking the links than accessing an infected website. Attackers send the wannacry worm emails to users to ask them to click or download the attached file. When user click the link, or download the files from emails the worm enter the computer.
Wannacry malicious ransomware worm targets computers are running Microsoft windows operating systems. Wannacry spread by using EternalBlue, an exploit of Windows SMB (Server Message Block) Protocol. It installs the DoublePulsar, a backdoor implant tool, which then transfers and runs the Wannacry ransomware package. Once the package installed it will encrypt all data by converting that .crypt file format, when try to open the file, it redirect to the payment option. Also, it scans the vulnerable systems then use the EtenalBlue an exploit to gain access and spread itself to the computer network and affect all files.
Security experts warns that there will be no guarantee that the access will be granted after payment.
How to prevent it?
- The first option is try not to click the email link which is send by unknown person. Also try not to download any documents from unknown person.
- Update your Operating System updates from Microsoft.
- Ensure your network firewall and antivirus software is up to date.
- Those are using Office 365, subscribe Work Plus ATP (Advance Threat Protection) from Microsoft.
- Do regular backup of your working files and keep in separate place which is not connected to your current network.
- Ensure your email server provide spam filter is working good.
- Discovered ‘kill switch’ for Ransomware attack. It slows down the wannacry malware spread
- Microsoft issued critical security patch on 14 March 2017 to remove the underlying vulnerability on supported versions of Windows.