What is Ransomware?
Ransomware is malware that blocks users from accessing their systems, devices or data, either by locking the screen or by encrypting files, until the victim pays a ransom. Hence the name.
There are two types of ransomware:
- Encrypting ransomware
It uses strong encryption algorithms to make the victim’s files unreadable, including any backups it can reach, so that recovery without the key is impractical. Only the attacker holds the decryption key, and it is handed over (if at all) after the ransom has been paid. Examples of encrypting ransomware are CryptoLocker, Locky and CryptoWall.
- Locker ransomware
It locks the user out of the device, typically by blocking the screen or the login, rather than encrypting individual files. The data is still on disk, but the machine is unusable until the ransom is paid. In extreme cases, users have reported the loss of data and sensitive material even after they paid. Examples are police-themed ransomware and Winlocker.
Ransomware Infection and Behavior:
The massive ‘WannaCry’ ransomware attack, reported since Friday 12 May 2017 across Europe, Asia, America and other continents, is still spreading around the world.
Cyber security experts said that the spread of the worm, dubbed WannaCry, ransomware that locked up more than 200,000 computers, had slowed by Sunday, but that new versions are expected, even as the world has yet to take stock of the extent of the damage from Friday’s attack.
Ransomware is typically downloaded when a user clicks a link or attachment in a spam email, enables macros in a malicious document, or visits a malicious website. The payload is usually an executable, often packed or obfuscated to hide its contents, that exploits vulnerabilities in unpatched software; in the WannaCry case these were Windows systems that had not installed Microsoft’s March 2017 SMB security update (MS17-010).
Once it runs, it takes over the system, locks you out of your desktop and encrypts your data with its own keys. It also displays instructions on how, when and where to pay the ransom.
Common methods used by cybercriminals to spread ransomware:
- Spam email campaigns that contain malicious links or attachments
- Security exploits in vulnerable software
- Internet traffic redirects to malicious websites
- Legitimate websites that have malicious code injected in their web pages
- Drive-by downloads
- Malvertising campaigns
- SMS messages
- Self-propagation (spreading from one infected computer to another)
- Affiliate schemes in ransomware-as-a-service (earning a share of the profits by helping further spread ransomware).
Several firms in Europe were the first to report having their mission-critical Windows systems locked and showing a ransom note. This quickly developed into one of the most widespread ransomware outbreaks to date, affecting a large number of organizations around the world.
Some organizations had to take their IT infrastructure offline. Victims in the UK healthcare sector, mainly the NHS (National Health Service), had to delay operations and turn away patients until their processes could be re-established.
Who is affected?
This variant of WannaCry attacks Windows systems that have not installed the MS17-010 update, including out-of-support versions such as XP and Vista, for which Microsoft issued an emergency patch after the outbreak. Europe has the highest number of WannaCry detections so far. The Middle East, Japan, India, Hong Kong and several other countries in the Asia-Pacific (APAC) region are showing substantial infection rates as well.
WannaCry infections were seen in various industries, including healthcare, manufacturing, energy (oil and gas), technology, food and beverage, education, media and communications, and government.
What does WannaCry ransomware do?
WannaCry targets and encrypts 176 file types, among them databases, multimedia and archive files and Office documents. Encrypted files get the extension “.WNCRY” appended to their names (the earlier, February 2017 variant used “.WCRY”). The attack is initiated through a remote code execution vulnerability in the SMBv1 server of Microsoft Windows, patched in March 2017 as MS17-010; because the exploit needs no user interaction, the malware spreads from machine to machine like a worm.
Its ransom note, which supports 27 languages, initially demands US$300 worth of Bitcoin, an amount that increases after a set time limit. The victim is also given a seven-day deadline after which the affected files are to be deleted, a commonly used fear-mongering tactic.
‘Want to Cry’ or ‘WannaCry’ spreads with the ETERNALBLUE exploit from the “Shadow Brokers” dump released in April 2017.
File name: tasksche.exe
SHA-256: ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
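As an added example (not code from the original article or from any vendor), the following PowerShell script turns the indicators quoted above into a read-only triage scan for one Windows host: it hashes executables and compares them with the tasksche.exe SHA-256 from the article, notes any file carrying that name, and counts files with the encrypted-file extension. The paths scanned, the 20 MB size cut-off for hashing and the report layout are this example’s own assumptions.

```powershell
# Added example, not code from the original article: a read-only triage scan
# for the WannaCry indicators quoted above (the tasksche.exe file name, its
# SHA-256 and the extension added to encrypted files). The paths scanned, the
# 20 MB size cut-off and the report layout are this example's own assumptions.

param(
    [string[]]$Paths = @($env:SystemRoot, $env:ProgramData, $env:USERPROFILE),
    # SHA-256 of tasksche.exe as quoted in the article
    [string]$DropperHash = 'ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa'
)

# .WNCRY is what the May 2017 outbreak appends; .WCRY was used by the earlier variant.
$encryptedExt = @('.wncry', '.wcry')

function Test-DropperHash {
    param([string]$File)
    # Get-FileHash returns upper-case hex, so compare case-insensitively.
    $h = (Get-FileHash -Path $File -Algorithm SHA256 -ErrorAction Stop).Hash
    return ($h -ieq $DropperHash)
}

$hashHits  = New-Object System.Collections.Generic.List[string]
$nameHits  = New-Object System.Collections.Generic.List[string]
$encrypted = 0

foreach ($root in $Paths) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue) {
        if ($encryptedExt -contains $f.Extension.ToLower()) { $encrypted++; continue }
        if ($f.Name -ieq 'tasksche.exe') { $nameHits.Add($f.FullName) }
        # Hash only executables in the dropper's size class. The hash, not the
        # name, is the reliable indicator: a file name is trivially changed.
        if ($f.Extension -ieq '.exe' -and $f.Length -lt 20MB) {
            try { if (Test-DropperHash $f.FullName) { $hashHits.Add($f.FullName) } } catch { }
        }
    }
}

$verdict = if ($hashHits.Count -gt 0 -or $encrypted -gt 0) {
    'INFECTED: isolate this host from the network before doing anything else'
} elseif ($nameHits.Count -gt 0) {
    'SUSPICIOUS: tasksche.exe present but hash differs; submit the file for analysis'
} else {
    'no WannaCry indicators found'
}

[pscustomobject]@{
    DropperHashMatches = $hashHits
    TaskscheByName     = $nameHits
    EncryptedFileCount = $encrypted
    Verdict            = $verdict
}
```

Run it elevated so that `$env:SystemRoot` and other users’ profiles are readable. A positive hash match or any count of encrypted files means the host should be pulled off the network first and examined later; the scan deliberately never deletes or renames anything, so that evidence is preserved for the incident response that follows.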
Protect yourself from Ransomware:
1. Keep two backup copies of your important data, for example one on an external hard drive that is disconnected after each backup and one in the cloud, and test that you can restore from them. Encrypting ransomware also encrypts any backup it can reach.
2. Keep your operating system and software updated with the latest security updates. For WannaCry specifically, install MS17-010 and disable SMBv1 wherever it is not needed.
3. In the office, restrict users’ administrative access.
4. Turn off macros in Microsoft Excel, Word and PowerPoint if possible.
5. Adjust your web browser’s security and privacy settings for increased protection.
6. Use an ad blocker to avoid the threat of potentially malicious ads.
7. Never open spam emails or emails from unknown senders.
8. Never download attachments from spam or suspicious emails.
9. Never click links in spam or suspicious emails.
10. Use a reliable antivirus product that updates automatically and includes a real-time scanner.
11. Implement a traffic filtering solution that provides proactive anti-ransomware protection, and block SMB (TCP port 445) at the perimeter and between network segments that do not need it.
These measures limit the spread of ransomware, but none of them is an absolute solution. If you think your organization is under attack, consult a cyber security expert.
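As an added example (not the article’s own or any vendor’s code), the following PowerShell script puts the host-level items from the list above, backups aside, into a form that can be checked and applied on one Windows machine: it reports whether SMBv1 is enabled and whether inbound TCP 445 is blocked, lists recent updates for comparison with the MS17-010 bulletin, and with `-Apply` disables SMBv1, adds the firewall rule and sets Office’s macro policy. The firewall rule name and profiles, the Office version key (16.0), the registry fallback for Windows 7 and the `netsh` fallback are this example’s assumptions; run it elevated and test it on one host before rolling it out.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original article: check and (with -Apply)
# enforce the WannaCry-relevant host settings from the list above.
# Assumptions: rule name/profiles, Office 16.0 policy key, Windows 7 fallbacks.
# MS17-010 KB numbers differ per OS version and are deliberately not hard-coded;
# compare the update list printed below with Microsoft's bulletin instead.

param([switch]$Apply)   # without -Apply the script only reports

$ruleName = 'Block inbound SMB (TCP 445) - WannaCry mitigation'
$lanman   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting directly.
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: LanmanServer registry switch; an absent
    # value means SMBv1 is enabled, which is the default.
    $val = Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $val) { return $true }
    return ($val.SMB1 -ne 0)
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
    }
    # Windows 8.1/10 also ship SMBv1 as an optional feature; removal needs a reboot.
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart `
            -ErrorAction SilentlyContinue | Out-Null
    }
}

function Test-InboundSmbBlocked {
    if (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue) {
        return [bool](Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)
    }
    # Windows 7: the NetSecurity module does not exist, fall back to netsh.
    $out = netsh advfirewall firewall show rule name="$ruleName" 2>$null
    return ($out -match 'Enabled')
}

function Block-InboundSmb {
    if (Test-InboundSmbBlocked) { return }
    # Public and Private only: a domain member may still need to serve shares
    # internally. Tighten to -Profile Any if this host never shares files.
    if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Public,Private | Out-Null
    } else {
        netsh advfirewall firewall add rule name="$ruleName" dir=in action=block `
            protocol=TCP localport=445 profile=public,private | Out-Null
    }
}

function Set-OfficeMacroPolicy {
    # Per-user policy for Office 2016/2019/365 (version key 16.0).
    # VBAWarnings = 4: disable all macros without notification.
    # blockcontentexecutionfrominternet = 1: block macros in files that carry the
    # "downloaded from the Internet" mark even if the user loosens VBAWarnings.
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        New-Item -Path $key -Force | Out-Null
        Set-ItemProperty -Path $key -Name VBAWarnings -Type DWord -Value 4
        Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Type DWord -Value 1
    }
}

# --- report current state ---
$smb1 = Get-Smb1State
Write-Host ("SMBv1 server enabled  : {0}" -f $smb1)
Write-Host ("Inbound 445 block rule: {0}" -f (Test-InboundSmbBlocked))
Write-Host "Most recent updates (compare with the MS17-010 KB list for this OS):"
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 15 HotFixID, Description, InstalledOn | Format-Table -AutoSize

if ($Apply) {
    if ($smb1) { Disable-Smb1 }
    Block-InboundSmb
    Set-OfficeMacroPolicy
    Write-Host "Hardening applied; reboot to complete SMBv1 removal."
}
```

Disabling SMBv1 breaks access to very old file servers and some printers, which is exactly why the script reports first and changes nothing without `-Apply`. The firewall rule stops the worm from reaching this host over port 445 from untrusted networks; it does not replace the patch, because an infected domain peer can still reach the Domain profile.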
Do you feel you’re under attack by ransomware?
You can email us at email@example.com or call our number +91 79 6617 3708 in India or our USA office at +1 803 767 4034.