Mukhtar Ahmad Farooqi
WannaCry Ransomware has recently been in the news. In lieu of this, I thought of writing something about to make the masses aware and how not to become its victim. Also known as WannaCrypt, WannaCryptor or Wanna Decryptor, it has struck approximately 150 countries and affected over 230,000 systems. WannaCry Ransomeware was used in a major cyber-attack that started on Friday, 12 May, 2017 and affected organizations across the world including the NHS, FedEx and Telefonica in Spain. In UK’s NHS (National Health Service) operations were cancelled, X-ray, test results and patient records became unavailable and phones did not work.
WannaCry is a piece of Ransomware targeting Microsoft Windows machines using a flaw discovered by National Security Agency (NSA) and leaked by hackers, to spread rapidly across networks, locking away files. Ransomeware is a kind of cyber-attack wherein hackers take control of computer system and block access to it. Cyber criminals gain access to the system by downloading a malicious software onto a device within the network that locks(encrypts) files on a computer and demands payments(ransom) to unlock(decrypt) them. Once malware is on a victim’s computer, it uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
Ransomware may also encrypt the computer’s Master File Table (MFT) or the entire hard drive. Thus, Ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key (Wikipedia). Ransomware supports 28 different languages and encrypts 179 different type of files.
Sources of Ransomware can be visiting unsafe and suspicious websites, opening emails and attachments from unknown people, and clicking on malicious or bad links in emails or social networking sites.
Specific Ransomware programs like WannaCry locks all the data on a computer system and leaves the user with only two files: instructions on what to do next and the Wanna Decryptor program itself. When the software is opened it tells computer users that their files have been encrypted, and gives them a few days(usually 3days) to pay up, warning that their files will otherwise be deleted( after 7 days). It demands payment in Bitcoin (Digital Currency), gives instructions on how to buy it, and provides a Bitcoin address to send it to. The hackers demand between 0.3 and 1 Bitcoins (£400 – 1,375), but can demand a payment denominated in dollars but made via Bitcoin. The digital currency (Bitcoin) is popular among cybercriminals because it is decentralised, unregulated and practically impossible to trace.
On Friday evening on the 12th of May 2017, the domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com was registered by a 22 year old who identified himself only as MalwareTech, security researcher from South-West England who worked for Kryptoslogic and spotted the domain in the code of WannCry and this inadvertently turned out to be a kill switch to stop the worm spreading. He managed to stop the spread of the attack on Saturday by accidentally triggering a “kill switch” when he bought a web domain for less than £10.
The question now is : how to protect yourself against Ransomware attacks?
The best protection against Ransomware attacks is to have all files backed up in a completely separate system. This means that if you suffer an attack you won’t lost any information to the hackers;
Run Windows Update to get the latest software updates.
Make sure any anti-virus product is up to date and scan your computer for any malicious programs.
All outgoing and incoming emails are scanned for malicious attachments.
Scrutinize links and files contained in emails.
Have popup blocker running on in web browser.
Only download software from trusted sources.
Now, what should one do if he/she already has become a victim?
Victims are advised to never pay the ransom as there is no guarantee that all files will be returned to them intact and neither there is any evidence that they have returned any file. Also it will encourage hackers to launch such attacks in future. The best antidote then is to be careful and thus stay safe.
—The author can be reached at: [email protected]