WannaCry or WannaCrypt, also known as WanaCrypt0r or Wcrypt, is ransomware that targets Microsoft's Windows operating systems. It was discovered on May 12, 2017, when it was used in a large cyber-attack that has infected more than 200,000 users in 150 countries. Attackers are reportedly using the Microsoft Windows exploit EternalBlue, which was allegedly created by the NSA. These tools have reportedly been stolen and leaked by a group called Shadow Brokers.
It gains access to the computer system via an email attachment and can thereafter spread rapidly through the LAN. The ransomware can encrypt your system's hard disk and all connected devices, such as your SD card and pen drive, as well.
How to identify if your PC is infected with WannaCry or WannaCrypt:
WannaCry or WannaCrypt ransomware works by encrypting the files on your computer and locking you out, so you cannot open your files. If you are infected, a message will appear on screen with a ransom demand, a countdown timer and a bitcoin wallet to pay funds into.
How does WannaCry or WannaCrypt spread:
Attachments or links in phishing emails, or downloading programmes containing malware, can all spread the virus.
There are several ways to spread this virus. WannaCry or WannaCrypt ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. The exploit is named EternalBlue and was reportedly stolen and misused by a group called Shadow Brokers.
How to protect yourself and stay safe against WannaCry or WannaCrypt ransomware:
- Microsoft recommends upgrading to Windows 10.
- Install the security update MS17-010 released by Microsoft. The company has also released security patches for unsupported Windows versions like Windows XP, Windows Server 2003, etc.
- Windows users are advised to be extremely wary of phishing emails and to be very careful when opening email attachments or clicking on web links.
- Make backups and keep them securely.
- Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt, so enable, update and run Windows Defender Antivirus to detect this ransomware.
- Make use of WannaCry or WannaCrypt ransomware tools.
- Disable SMBv1 with the steps documented at KB2696547.
- Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445.
- Enterprise users may use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run.
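
The SMBv1, port 445 and Windows Defender items from the list above, as an added PowerShell example (not part of the original page): it reports the current state and, with the hypothetical -Apply switch, applies the settings. It assumes an elevated session on Windows 8 / Server 2012 or later with the SMB, firewall and Defender cmdlets available, and the firewall rule name is constructed.

```powershell
# Added example: audit (and optionally apply) three mitigations from the list.
# Run elevated. -Apply is a hypothetical switch name chosen for this example.
param([switch]$Apply)

$ruleName = 'Block inbound SMB TCP 445 (example)'   # constructed rule name

# 1. SMBv1 on the SMB server side (the setting KB2696547 describes)
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
if ($smb1Enabled -and $Apply) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
}

# 2. Host firewall rule blocking incoming SMB traffic on port 445
$getRule = {
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' }
}
$rule = & $getRule
if (-not $rule -and $Apply) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    $rule = & $getRule
}

# 3. Windows Defender Antivirus: enabled, updated, and run
if ($Apply) {
    Update-MpSignature                    # fetch current definitions
    Start-MpScan -ScanType QuickScan      # detects Ransom:Win32/WannaCrypt
}
$mp = Get-MpComputerStatus

# Summary object; any $false in the *Ok columns needs attention
[pscustomobject]@{
    Smb1ServerDisabledOk   = -not $smb1Enabled
    Inbound445BlockedOk    = [bool]$rule
    DefenderEnabledOk      = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
    DefenderSignatureDate  = $mp.AntivirusSignatureLastUpdated
    DefenderSignatureBuild = $mp.AntivirusSignatureVersion
}
```

A host-level block on inbound port 445 also stops that machine from serving file shares, so on file servers restrict SMB at the network perimeter instead. The script does not check for the MS17-010 update, which still has to be installed.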