
WannaCry: Here’s all you need to know about the biggest ransomware attack

What is WannaCry and how can it be stopped? Everything you need to know about the biggest ransomware attack.

Written by Nandagopal Rajan | New Delhi | Updated: May 14, 2017 9:08 am

In the end it cost @malwaretechblog just $10.69 to buy the domain name that would kill WannaCry, arguably the biggest ransomware attack the world has ever seen. But by then, this crypto-ransomware, also called WannaCrypt, had hit at least 45,000 computers spread over 74 countries, demanding a $300 ransom in Bitcoins to restore access to these devices and the information inside. Alarmingly, the attack also affected the UK’s National Health Service, stalling surgeries and other work across the British Isles as patient information and documents became inaccessible.

What is ransomware?
There are many types of malware that affect a computer, ranging from those that steal your information to those that just delete everything on it. Ransomware, on the other hand, prevents users from accessing their devices and data till a certain amount is paid to its creator as ransom. Ransomware usually locks computers, encrypts the data on them and prevents other software and apps from running. The WanaCrypt0r 2.0 bug, for instance, wants $300 to be paid in Bitcoins to unlock the affected computers. However, paying the ransom is no guarantee that the files will be restored and might just open up new attacks.

Aaditya Uthappa, Director – Enterprise Business, Paladion Networks, says this is criminal behaviour and the owners/authors of the ransomware are under no obligation to fulfil their promise of unlocking our files. Suggesting that this could be sensed as an opportunity to continue extorting money, he adds that it is better to get help from the cyber police cell before making a decision.

How do ransomware attacks take place?
Like all malware, ransomware too exploits vulnerabilities in operating systems. Strangely, in this instance, the hackers could have used the ‘Eternal Blue hacking weapon’ created by America’s National Security Agency (NSA) to gain access to Microsoft Windows computers used by terror outfits and enemy states.

Microsoft claims it “released a security update which addresses the vulnerability that these attacks are exploiting” in March itself and advised users to update their systems in order to deploy the latest patches. A post attributed to Phillip Misner, Principal Security Group Manager, Microsoft Security Response Center, said some of the attacks were using “common phishing tactics” like malicious attachments and asked users to be cautious while opening attachments.

WannaCrypt had hit at least 45,000 computers spread over 74 countries demanding a $300 ransom in Bitcoins to restore access to these devices and the information inside. (Image credit: AP)

What can be the impact of a ransomware attack?
Depending on the critical nature of the computer involved, any malware attack can have serious implications in the highly digitised world we live in. In the WannaCry attack it is reported that many surgeries had to be put off, x-rays cancelled and ambulances called back. For many years it has been feared that an attack of this nature can bring public utilities or transport systems to a halt. And that is why a lot of stress is being laid on the security of these properties across the world. If a service like an urban metro rail is targeted, you can rest assured that the ransom will be way above $300.

What is the threat to a country like India?
As India goes increasingly digital, our vulnerability as well as the resultant impact increase too. For instance, a ransomware attack can easily hold a service like the Delhi Metro or a power utility to ransom, quite literally. Also, the fact that a lot of what we have online is now also connected to the Aadhaar data of over a billion Indians makes the threat even more real and worrisome.

WannaCry cyber-attack has affected nearly hundred countries around the world. (Image credit: Malwaretech)

How to respond to a ransomware attack?

Disconnect from the internet to ensure there is no further infection or exfiltration of data, as the ransomware will be unable to reach the command and control servers. Set the BIOS clock back in case the ransomware has a time limit associated with it, as with WannaCry. You can also reach out to the Cyber Police Cell of your state immediately. Sites like nomoreransom.org or bleepingcomputer.com can also help.


  1. vikas
    May 16, 2017 at 12:05 am
    How long will this WannaCry ransomware attack continue, and is there any news that this ransomware attack is over or not????
    1. Darkasvim
      May 16, 2017 at 12:24 am
      The worm uses an SMB exploit to replicate over a network, so unless the machines are patched for MS17-010, expect to see continuing infections. This malware is built using 2 mechanisms, an SMB exploit and a backdoor, to infect unpatched machines; expect to see more variants - wannacry2.0 etc.
    2. MxION technologies
      May 14, 2017 at 6:06 pm
      Use an nmap script to check if your system is vulnerable or not. If port 445 is filtered from Microsoft Windows then it's OK (50 you are safe) or else you are ed
      1. Srinivasan
        May 14, 2017 at 4:22 pm
        Updating the security patches would have reduced the impact of the attack. While the security patches were released by Microsoft in March for the vulnerability exploited by the 'Wannacry' malware, most of the affected people did not update the patch up to 11th May. Patch updation is a very important activity and it can create a havoc like this affecting 74k computers. Also, awareness among the users for not opening attachments when the mail is not from a known source has to go deep into their heads. When we do not do what we ought to, these kinds of incidents may continue to happen.
        1. Stephen Hope (IML_team_lead)
          May 13, 2017 at 10:48 pm
          Great read for people interested in Intelligent Machine Learning
          1. ah
            May 13, 2017 at 7:47 pm
            ‘Eternal Blue hacking weapon’ created by America’s National Security Agency (NSA) to gain access to Microsoft Windows computers used by terror outfits and enemy states. ... it is clear NSA or one of its employees is getting over-smart...