You got an email from a new email user this morning and it has an attachment. Then You want to check the attached file which you think has some important information. When you clicked on it and probably your system stuck. Later on, when you checked all your documents and pictures are changed to some random values with XXXX in them. Now you cannot see your pictures and your documents are not opening in their respective programs. This happened due to the ransomware attack.
What is Ransomware?
A malicious software which can encrypt your documents files and show you a message to contact hacker for ransom money. Usually a bitcoin digital money. The most dangerous thing about ransomware is that it is impossible to recover files without paying the ransom.
The new version of ransomware that hit the world a few days early is the Wannacry ransomware. According to a report Ransomware virus hit about 230,000 systems worldwide. The UK’s health organization NHS is one of the major victims. It mostly hit the windows versions which were not up-to-date.
Wannacry damage to systems around the world.
How does it attack?
Emails with ransomware attachments are always circulating on the internet for many years. You may have got many of them in your spam mails. It cannot harm you unless you execute them. There is a big mis-computation that ransomware is spreading and there is nothing to stop it and it will break the whole internet. It’s rather easy to avoid them when you are cautious about the email attachments and keep your antivirus and operating system up to date.
With great power comes great responsibility, if you are an Admin or a Manager who has access to all of the company files. A single mistake like this can bring your company down. Ransomware are mostly automated attacks and they can only trigger if someone executes them. But after execution, they can spread across the insecure networks like a worm. Also, they cannot do damage to routers, switches, Linux, and Mac systems.
How the NHS got affected by Wannacry?
The report says that it attacked outdated computers. Also, four in five hospitals were unaffected. The affected hospital has got some security software updates from the provider which were also not applied.
We have tested a version of ransomware and it was very threatening to documents on the system. There is no way you can recover the documents, it is only possible with a secret key from a hacker, which can decrypt the files. Mostly hacker has left their signature and contact information. It mostly hit the documents and multimedia files. Ransomeware doesn’t affect the system files. There is a version that can lock down your PC as well but I guess it’s rare.
The most dangerous thing about it?
The most dangerous point of Wannacry was that it was behaving like a worm and it was spreading through the SMB/CIFS protocol vulnerability in Microsoft operating system. It could have done more damage but it is said that there was an unregistered domain mentioned in the kill-switch of the Wannacry. A malware tech guy identified that domain, he registered it and that kill-switch got activated. It helped in stopping of Wannacry spread and it helped in identifying the affected systems.
How does it spread?
It mostly spread through emails and websites which have infected download links mostly files convert into zip format and when you click on them they will hang your system during this system hang period ransomware starts accessing all your documents, photos, and multimedia files and starts encrypting them. The encryption of a large number of files is a highly CPU intensive task and it makes your system stuck and it will stop responding to mouse and keyboard inputs.
Ransomware goes to all the targeted files which you have access suppose your system is connected to your phone, external hard disk, and a network drive. So all the documents files that your PC has access to at that time will get encrypted and become unusable. Antivirus can detect most of the ransomware but there is always a new version of ransomware, which can reach your system undetected if you are not following proper security measures.
Backups are the most important thing which can save you. I know it is not in our nature to take backups unless we got hit by a disaster but it is always best to have a backup plan so that you can recover to a week early, rather than starting over a new company.
Ransomware is a new breed of malware that can cause damage through mostly email attachments. But websites download links also contain ransomware viruses, software cracks and can spread via USB and insecure networks with insecure shares. If you keep your computer and operating system update, you can avoid it. Avoid opening email attachments from unknown users. Always Avoid sharing your files with everyone on the network. Avoid the use of USB unless you are sure it is clean.