Last month’s WannaCry (also called WannaCrypt) ransomware attack, which affected over 230,000 computers across the world, made ransomware a term that is no longer limited to those in IT or security. The attack made all of us realize that it is something that hits much closer to home. It disrupted hospitals and organizations across the world, and hit Europe, Russia and Asia the hardest.
WannaCrypt – the destruction machine
The WannaCrypt ransomware turned the situation into a painful one: it locked up the victim company’s or hospital’s network and held data and files hostage until the victim paid the ransom. The situation worsened as hospitals had to stop admitting new patients and companies had to shut down their networks, disrupting services on a global scale.
WannaCrypt is reported to use social engineering to target companies. This ransomware, unlike others, encrypts every file within the user’s reach, so if that user happens to be an administrator the effects can be devastating. It also tries to disable shadow copies and to modify the HKLM registry hive, both of which require administrator privileges. To spread, it exploits a vulnerability that gives it SYSTEM-level access, so the attack is highly destructive even where users do not have admin privileges on their systems or servers.
The attack was contained when a 22-year-old British researcher, known on Twitter as ‘MalwareTech’, inadvertently registered a domain name that the ransomware contacted after installing itself on a system. The malware’s code tried to reach an unregistered domain, and it only carried on executing if it got back a reply that the address did not exist; that is why it had been spreading freely. As soon as the domain was registered, the lookup succeeded, further execution stopped, and the ransomware stopped spreading.
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
— MalwareTech (@MalwareTechBlog) May 13, 2017
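The kill-switch behaviour described above has a defensive use: any host that looks up that domain has already run the malware, so DNS query logs identify machines that need cleaning and patching even though the registered domain stopped the payload from continuing. The following is an added example, not code from the original post or from MalwareTech, that finds such hosts in DNS server log lines. The domain name (`killswitch.example`), the log lines and the log format are constructed placeholders; substitute the real sinkholed domain and adjust the regular expression to your DNS server’s log layout.

```powershell
# Added example (not from the original post): report hosts that queried the
# WannaCry kill-switch domain. A host that performs this lookup has executed
# the malware; with the domain registered the worm exits, but the host is
# still infected and needs cleaning and the MS17-010 update.

$KillSwitchDomain = 'killswitch.example'   # placeholder: substitute the real sinkholed domain

# Constructed sample lines in the style of a Windows DNS Server debug log
# (timestamp, client IP, question type, question name in (len)label form).
$SampleLog = @'
5/13/2017 3:12:01 PM 0A8C PACKET  UDP Rcv 10.0.0.15   0001 Q [0001   D   NOERROR] A  (10)killswitch(7)example(0)
5/13/2017 3:12:03 PM 0A8C PACKET  UDP Rcv 10.0.0.22   0002 Q [0001   D   NOERROR] A  (3)www(9)microsoft(3)com(0)
5/13/2017 3:12:09 PM 0A8C PACKET  UDP Rcv 10.0.0.15   0003 Q [0001   D   NOERROR] A  (10)killswitch(7)example(0)
5/13/2017 3:14:40 PM 0A8C PACKET  UDP Rcv 10.0.0.31   0004 Q [0001   D   NOERROR] A  (10)killswitch(7)example(0)
'@

function ConvertFrom-DnsLabelName {
    param([string]$Encoded)
    # "(10)killswitch(7)example(0)" -> "killswitch.example"
    return (($Encoded -replace '\(\d+\)', '.').Trim('.')).ToLowerInvariant()
}

function Find-KillSwitchLookups {
    param([string[]]$Lines, [string]$Domain)
    # Capture timestamp, client address, record type and encoded name.
    $pattern = '^(?<ts>\S+ \S+ \S+) .*? Rcv (?<client>\d{1,3}(\.\d{1,3}){3}) .*\] (?<type>\S+)\s+(?<name>\(\d+\)\S+)$'
    $target  = $Domain.ToLowerInvariant()

    $Lines | ForEach-Object {
        if ($_ -match $pattern) {
            $name = ConvertFrom-DnsLabelName $Matches['name']
            if ($name -eq $target) {
                [pscustomobject]@{ Time = $Matches['ts']; Client = $Matches['client']; Query = $name }
            }
        }
    } | Group-Object Client | ForEach-Object {
        # One row per client: how often it asked, and when it first asked.
        [pscustomobject]@{
            Client    = $_.Name
            Lookups   = $_.Count
            FirstSeen = ($_.Group | Select-Object -First 1).Time
        }
    }
}

$lines = $SampleLog -split "`r?`n" | Where-Object { $_.Trim() }
Find-KillSwitchLookups -Lines $lines -Domain $KillSwitchDomain | Format-Table -AutoSize
# With the constructed log above this lists 10.0.0.15 (2 lookups) and 10.0.0.31 (1 lookup).
```

Feed real logs with `Get-Content` in place of the constructed here-string. A successful lookup of the registered domain means the worm exited on that host, but it says nothing about whether the encryption payload already ran, so treat every listed client as infected until it has been examined.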
This was not a one-time event. Cybercriminals are getting smarter every day, so we too need to learn and adopt best practices to protect ourselves from such cyber-attacks.
How can I protect myself from ransomware?
Here are a few things that can help keep you safe if anything like this happens again:
Apply security patches and update all your software to the latest versions. Microsoft worked relentlessly to release updates and patches to contain the situation and give its customers the best protection against ransomware. It released a security update for Windows Vista, 7, 8.1 and 10 to address the vulnerability exploited by the ransomware. Those who have automatic Windows updates enabled are safe from attacks on this vulnerability. Those who have not applied it yet should install the update from Microsoft Security Bulletin MS17-010.
For users with Windows Defender active, Microsoft released a definition update specifically for the WannaCry threat, which it detects as Ransom:Win32/WannaCrypt.
For users running older Windows versions that no longer receive mainstream support, Microsoft also released a security update that would normally have been available only under custom support. The security updates for Windows Server 2003, Windows 8 and Windows XP can be downloaded from the link below:
Localized update versions: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
Keep up-to-date anti-malware software installed on your systems, and confirm with your anti-malware vendor that its product protects you against ransomware.
Many security experts expect these attacks to evolve, so additional security strategies will need to be formulated over time. To protect against SMBv1 attacks, it is recommended that you block legacy protocols such as SMBv1 on your networks. Many of these attacks rely on commonly used phishing methods such as sending malicious attachments.
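The two controls above, installing MS17-010 and turning off SMBv1, can be audited from an elevated PowerShell session. The following is an added example written for this page, not Microsoft’s or the post’s own script. It assumes that `KB4012598` (the KB named in the post) together with `KB4012212` and `KB4012215` (the Windows 7 / Server 2008 R2 packages of MS17-010) is a sufficient list for your systems; verify the KB identifiers for your OS against the MS17-010 bulletin and extend the list. The `-Remediate` switch is an assumption of this script and is off by default, so the script only reports unless you ask it to act.

```powershell
# Added example (not from the original post): audit a Windows host for the
# MS17-010 update and for the SMBv1 server, and optionally disable SMBv1.
# Run from an elevated PowerShell session.
param([switch]$Remediate)

# KB4012598 is the update named in the post; KB4012212 / KB4012215 are the
# Windows 7 / Server 2008 R2 packages of MS17-010. Assumption: verify and
# extend this list for the operating systems you run.
$Ms17010Kbs = @('KB4012598', 'KB4012212', 'KB4012215')

function Test-Ms17010Installed {
    param([string[]]$KnownKbs = $Ms17010Kbs)
    $installed = Get-HotFix | Where-Object { $KnownKbs -contains $_.HotFixID }
    [pscustomobject]@{
        Patched    = [bool]$installed
        MatchingKb = ($installed | ForEach-Object HotFixID) -join ','
    }
}

function Get-Smb1Status {
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later;
    # on Windows 7 / 2008 R2 fall back to the LanmanServer registry value.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    # An absent value means the default, which is SMBv1 enabled on these systems.
    return ($null -eq $val) -or ($val -ne 0)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0
        Write-Warning 'SMB1 registry value set to 0; a reboot is required for it to take effect.'
    }
}

$patch = Test-Ms17010Installed
$smb1  = Get-Smb1Status
"MS17-010 update found : $($patch.Patched) $($patch.MatchingKb)"
"SMBv1 server enabled  : $smb1"

if ($smb1 -and $Remediate) {
    Disable-Smb1Server
    "SMBv1 server enabled  : $(Get-Smb1Status)"
}
```

Two caveats when reading the output. On Windows 10 the fix shipped inside the March 2017 cumulative update and later cumulative updates supersede it, so `Get-HotFix` may not list any of these KB IDs on a fully patched Windows 10 machine; there, check the OS build rather than trusting a “not found” result. Disabling the SMBv1 server does not stop the host from speaking SMBv1 as a client to other machines, so the network-level blocking the paragraph recommends is still needed.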
Always back up your most important files and data off-premises so that you can recover them after a ransomware infection. Cloud backup is your best strategy and defense, since it keeps a copy of your data safe and out of reach of these threats.
Last but not least, the best ransomware protection is to be very vigilant when opening documents from unknown or untrusted sources.
Applying updates does not always prevent an initial infection, but it does help stop the malware from spreading any further. Remember:
Most importantly, users should not click on links, open attachments or enable macros in emails.
Anti-virus should be capable of detecting the malware in time.
Patch your Windows systems and keep signatures up-to-date.
Make sure your users know never to click a suspicious attachment. If opening an attachment prompts them to run an application, they should consult a system administrator whenever in doubt.
In case you have any feedback or need more information on ransomware or backup, do let us know in the comments section.