Most people heard about the new ransomware outbreak that disrupted systems worldwide in May known as WannaCryptor (otherwise known as WannaCry or Wcrypt). However, while most of us recognize its name, we don't know what it is, nor how to prevent ransomware in general. Here is a bit more information about both!
What is WannaCry?
WannaCry attacked at least 75,000 PCs within 24 hours effecting hospitals, schools, and offices worldwide. WannaCry used a flaw in Microsoft’s software found by the National Security Agency, which was consequently leaked to hackers and used to rapidly
spread WannaCry. Microsoft released a patch for this flaw in March after National Security Agency’s discovery; however, those users still running the old Windows XP operating system or did not apply the patch were vunerable. WannaCry works by locking all the data on a computer system and leaves the user with two files remaining: instructions on how to retrieve their encrypted files and the WannaCry program itself. The user is then instructed to pay $300 within three days to decrypt all their files at this price, then after the three days the price doubles to $600, and after seven days the files are gone forever.
How was WannaCry stopped? A U.K. researcher going by the name of ‘Malware Tech’ shut down the operation when he noticed one of the web domains used by the attackers wasn’t registered. So, for the small price of $10.69 he took control of the domain and consequently killed the spread of WannaCry.
The attackers made as much as $17,500 from 52 transactions with payments still coming in. For those who are already infected ‘Malware Tech’s’ rescue was a little too late for them and unfortunately they will rely on the plans and backups they currently have in place to sole the problem. While WannaCry is currently out of action, they will more than likely alter their code to prevent Malware Tech’s actions from occurring again and start a new campaign.
How should you protect yourself against ransomware?
- Backup all files in a separate system
- Install anti-malware software
- Remain suspicious of unsolicited emails
- Type out addresses yourself rather than clicking on links
- Run patches and updates promptly
What should you do if you become a victim of ransomware?
When it’s too late to protect yourself from ransomware, it is important to know what steps to take to minimize the damages.
Don’t pay While it seems logical to pay the ransom and retrieve your files, people are advised not to so. Paying once could make you a target for ransomware in the future, so it is important to never pay and back up your files. Having your files backed up on a separate hard drive allows you to recover those files without having to consider paying the criminals.
Disconnect The first step to take is to unplug your device and other connected devices from the internet to prevent the program from spreading. While this does not mean it will stop the ransomware from spreading on the already infected device, it can prevent the ransomware from moving on to all other connected devices.
Remove ransomware Odds are that you won’t be able to remove the ransomware from your device on your own, but it is still important to find a way to resolve the issue. Contact your IT support team to help you.
Alert law enforcement While Law enforcement won’t be able to get rid of the ransomware it is important you contact them to report on what is occurring. The people sending out ransomware are committing a crime and hopefully they will be able to stop the criminals in their tracks before effecting other users.
WannaCry has made major headlines over these past few weeks. With its ability to spread within networks. This occurrence is just another reminder to keep files backed up on another device or in the cloud and always be wary of unknown websites and sources.