What is WannaCry?
WannaCry is a piece of malware, a scary type of trojan virus called “ransomware.” As the name suggests, the virus in effect holds the infected computer hostage and demands that the victim pay a ransom in order to regain access to the files on his or her computer.
WannaCry Ransomware Attack
WannaCry was first discovered on Friday, May 12th, and it had spread to an estimated 57,000 computers in more than 150 different countries around the world by the end of the day.
On Saturday, a security researcher named Marcus Hutchins inadvertently slowed the spread of the WannaCry virus. He registered a domain name hidden within the virus’ code in an attempt to track the spread of WannaCry, and unintentionally stopped its progress in the process.
How was WannaCry generated?
The NSA discovered the “EternalBlue” exploit that would later be used by the WannaCry trojan, then kept it under wraps to use for its own intelligence-gathering purposes. The security hole was made public last month when a group of hackers called Shadow Brokers released the details of the exploit.
How does WannaCry work?
WannaCry works by encrypting almost every file on a user’s computer. After that, the software demands that a ransom be paid in order to have the files decrypted.
In the case of WannaCry specifically, the software demands that the victim pay a ransom of $300 in bitcoins at the time of infection. If the user doesn’t pay the ransom within three days, the amount doubles to $600. After seven days without payment, WannaCry will delete all of the encrypted files and all data will be lost.
1 bitcoin = Rs. 110415/- (approx)
Targeted File Extensions by WannaCry:
Hashes for WannaCry Ransomware:
How to protect yourself from WannaCry?
- If you are using a Windows operating system such as Windows XP, Windows 8, or Windows Server 2003, immediately install the security update released on Friday by Microsoft.
- Update your Antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry.
- Enable Windows Defender.
- Backup regularly and make sure you have offline backups.
- Block port 445 for extra safety
- Disable SMB
- Turn on Firewall & Block SMB Ports
- Don’t click or download any PDF/Exe attachments in emails.
How to disable SMBv1?
- Go to Control Panel
- Open ‘Programs and Features’
- Click ‘Turn Windows features on or off.’
- Scroll down to find ‘SMB 1.0/CIFS File Sharing Support’ & Uncheck it.
- Click OK.
- Restart the computer.
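The same changes (disable SMBv1, block port 445) can be scripted. The PowerShell below is an added example, not part of the original article: it reports the SMBv1 state and, when run with -Apply, disables SMBv1 and adds an inbound block rule for TCP 445. It assumes an elevated PowerShell prompt; the rule name is made up for the example, and the registry fallback is for older Windows versions that lack the SMB cmdlets.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Without -Apply the script only reports; with -Apply it makes the changes.
param([switch]$Apply)

$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Block inbound SMB TCP 445'   # hypothetical rule name
# Not every Windows version ships these cmdlets, so probe before using them.
$hasFeatureCmd = [bool](Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue)
$hasSmbCmd     = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)
$hasFwCmd      = [bool](Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue)

function Get-Smb1Report {
    $r = @{ Feature = 'n/a'; ServerSmb1 = $true; BlockRule = 'n/a' }
    if ($hasFeatureCmd) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $r.Feature = [string]$f.State }
    }
    if ($hasSmbCmd) {
        $r.ServerSmb1 = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older Windows: a missing SMB1 value means the server default (enabled).
        $v = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $r.ServerSmb1 = ($null -eq $v) -or ($v -ne 0)
    }
    if ($hasFwCmd) {
        $r.BlockRule = [bool](Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)
    }
    New-Object PSObject -Property $r
}

Write-Output 'Before:'; Get-Smb1Report | Format-List

if ($Apply) {
    # 1. Stop the SMB server from accepting SMBv1 sessions.
    if ($hasSmbCmd) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
    else { Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0 }
    # 2. Remove the optional feature (the Control Panel checkbox), if present.
    if ($hasFeatureCmd -and (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue)) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    # 3. Add the inbound block rule once; re-running the script adds no duplicate.
    if ($hasFwCmd -and -not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    }
    Write-Output 'After (restart to complete the change):'; Get-Smb1Report | Format-List
}
```

Blocking inbound TCP 445 also stops this machine from serving file shares, so run the script without -Apply first and review the report.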
What should I do if my system is infected with WannaCry?
Currently, there is no fix available for WannaCry. Cyber security experts and researchers are hard at work looking for ways to decrypt files on infected computers, but no means of third-party decryption are available right now.
Affected users should rely on backups of their data where available, because the only other option right now is to follow the instructions offered in the software to pay the ransom.