Ransomware is malware that either locks your computer, making it inaccessible, or encrypts your data. It then demands that you pay a ransom to unlock the computer or decrypt the data. This post talks about the file-encrypting ransomware called WannaCry – the biggest ransomware attack in history!
1. What is WannaCry and why is it being called a global phenomenon?
The WannaCry ransomware attack began on 12th May 2017 (Fri), and within a day it managed to infect over 200,000 computers in 150 countries, making it the biggest ransomware attack in history. After this malware encrypts the victim’s files, it demands a ransom of $300 in bitcoins. If the ransom is not paid within 3 days, the price doubles to $600. And if the payment is not made within 7 days, the malware threatens to delete all the encrypted data permanently.
2. How did WannaCry come into being?
The U.S. National Security Agency (NSA) reportedly discovered an underlying vulnerability (MS17-010) in Microsoft’s Server Message Block (SMB) protocol (“used by Windows machines to communicate with file systems over a network.”). The NSA chose not to inform Microsoft about this vulnerability and instead built an exploit called EternalBlue, which could be used for intelligence-gathering purposes. A hacking group called the Shadow Brokers stole the details of this exploit and leaked them publicly, which ultimately went on to trigger the WannaCry outbreak worldwide. Microsoft had already released a security update to patch this vulnerability in March 2017, but many users and organizations failed to apply this update, exposing their systems to the attack.
3. Did WannaCry spread via emails?
Initially, it was thought so. But the latest reports stated that the attackers behind this malware targeted systems with vulnerable SMB ports exposed (SMB v1, in this case). Once these systems were traced, the leaked EternalBlue exploit was used to launch the attack.
4. What makes WannaCry so scary?
The WannaCry ransomware is a self-propagating worm. This means that after it infects one computer, it searches for other computers on the network with the same vulnerability. If it finds any, it can spread to them on its own without any user action.
5. Is the WannaCry attack over?
No. While the attack that occurred on 12th May 2017 was slowed down by a security researcher, it hasn’t stopped and is still active on the Internet. What’s even worse, some newer variants of this ransomware have been detected in the wild. The chances of a second wave of attacks are really high.
6. How to stay protected against WannaCry?
If you are using an older version of Quick Heal, it is strongly recommended that you upgrade to the latest and more secure version. It’s easy and available free of cost. Click here to learn how to upgrade.