It was just another day until I saw that meme about WannaCry while scrolling the feed. The malware was popular enough for people to share a meme, but I was unaware of it. I immediately searched Google for the ransomware, and I got excited, not because I don't use Windows but because it was the major malware attack and I got something new to
In case you don't know about WannaCry
WannaCry is ransomware (malware that demands a ransom) which spreads across computers, encrypts all your files in the network, and demands a ransom for decrypting them.
Today, I realised the seriousness of the attack when my bank was unable to update my passbook as their systems were shut down because of the malware, so I thought of writing a post.
My interest went to a whole new level when I read how a person from MalwareTech unintentionally slowed down the spread of the ransomware.
How was he able to stop it?
While studying the malware, he found that before infecting a system it makes a request to an unregistered domain, one which doesn't exist. If there is a response from the domain, the malware quits without affecting the system; but as the domain was unregistered, there would be no response and the malware continues its attack.
He immediately bought the domain for just $10 and made it send responses while recording the requests, a setup he calls a sinkhole. This stopped the malware from attacking further, but it didn't stop the hackers from changing the code and releasing WannaCry 2.0.
I can see many fake posts and advertisements. Antivirus products even run ads on Mac OS X offering to protect it from WannaCry. WannaCry is programmed for Windows and works only on Windows.
How did it start?
The ShadowBrokers hacker group released the vulnerability in the SMB protocol used by Windows for file sharing. The WannaCry team used this vulnerability to spread the malware.
How is it different?
Usually computers get infected only when you download malware or click unwanted links that contain it. So making it spread across the world using phishing emails or ads is not possible.
This is not the case with WannaCry: it uses the SMB protocol and automatically sends itself over the network to other connected computers. So if your system is vulnerable, it will get infected within minutes if you are connected to the internet.
How to be safe?
You are already safe unless you are using Windows. Back up your important files and keep your Windows installation updated. Microsoft released the security patch for the problem, but many computers still have not been updated.
Do you need to pay the Ransom?
Don't pay the ransom because the files in your personal computer won't be worth the money. The threat is for major organisations having important data on their systems. As a PC user you won't have such files. Also, there is no assurance that you will get your files back because they don't take any details of the payer. If you are affected and you think your files are not worth it, then simply format the disk and start afresh.
My views on this Ransomware
It gained popularity quickly as it used a Windows vulnerability to spread. This is the reason why Microsoft is forcing its users to update their installations. The effect would be even more deadly if the hackers achieved the same in Linux distributions, as Linux contributes more in servers and that would affect more responsible systems than just personal computers.
Another interesting thing is that the hackers demand money in bitcoin so they can remain untraceable. I found another new technology: Bitcoin. Bitcoin is an intelligent technology for transferring money without any central authority. Bitcoin seems interesting and I am thinking about writing another post about Bitcoin.
If you came here with the idea of finding a way to get back your files, sorry: no workaround has been found till now to decrypt the files affected by WannaCry.