Ongoing Coverage about Ransomware attack (WanaCrypt0r, WannaCry, Wana Decrypt0r)
Before diving into the details, I would like to point out the important steps to secure your computer, so that you can protect it before it gets infected by ransomware. If your computer or device is already infected, skip these steps and continue reading for further instructions.
1. Disable SMBv1 (SMB stands for Server Message Block). Don’t know how to disable it? Click here.
3. Take a backup – The recommended way is to keep 2 copies: one in the cloud and one on physical media (an external hard disk). Once the backup is done, disconnect/log off both copies from your computer.
4. Install an antivirus – If you have one, make sure its “heuristic functions” are turned ON. If you don’t have any, download at least a trial version to avoid infection.
5. Update all software, including the OS – Make sure all the software on your computer is up to date. Check whether a newer release is available for each program and, if so, install it.
6. Turn on the “Show file extensions” option on your computer – Don’t know how? Click here. Turning ON “Show file extensions” helps you spot potentially malicious files easily. Keep a close eye on extensions such as ‘.exe’, ‘.vbs’, ‘.scr’, etc. Attackers can use several other extensions as well, so be cautious.
7. Keep a hawk’s eye on every operation going on in your computer. Do not trust anyone, as any email or account can be compromised. Be cautious everywhere: social media, online forums, online gaming partners, etc. Open attachments only from reliable sources and only when you know exactly what the attachment is.
8. DISCONNECT YOUR COMPUTER OR ANY OTHER DEVICE from the Internet when you discover any unusual activity or an unknown rogue process on your computer.
Now, if your computer is already infected by ransomware, first of all: don’t pay the ransom.
Even if you pay, there is no guarantee that you’ll get your data back. Instead, follow these instructions:
Contact your local IT support services instead of paying the ransom; they may be able to help you recover your files.
You can also contact the No More Ransom! organization to get additional help and report your concern. Visit their website here.
What is Ransomware?
In plain words, ransomware is malicious software that allows a hacker to get into a computer or device, encrypt and lock all its files, and then demand payment to decrypt/unlock them.
The ransomware known by the names WannaCry, WanaCrypt0r and Wana Decrypt0r 2.0 has already infected about 200,000 victims in 150 countries. It has a self-spreading mechanism derived from an NSA exploit leaked by the Shadow Brokers. This exploit can be mitigated by installing these Microsoft security patches.
Microsoft has also released an update for older operating systems such as Windows XP, Windows 8, and Windows Server 2003. The update can be downloaded from here.
How did this Ransomware get killed?
MalwareTech, hailed as a “Hero of the day”, discovered that the self-spreading WannaCry ransomware was making a pre-infection check to a domain located at iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.
The ransomware starts encrypting files if the domain is unregistered. So MalwareTech registered the domain for about 10 euro, thinking this might stop the encryption from starting, and luckily/accidentally it stopped the infection process. MalwareTech had accidentally triggered a worldwide kill switch for the ransomware’s self-spreading feature.
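The pre-infection check described above also works as a detection signal: a host that looks up the kill-switch domain is worth investigating as possibly infected. The following is an added example, not code from this article or from MalwareTech; the log format and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Kill-switch domain exactly as given in the article.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample lines. Assumed format: time, client IP, query name,
# record type, response code (not any particular resolver's log format).
SAMPLE_LOG = """\
2017-05-12T15:02:11Z 10.0.4.17 www.example.org A NOERROR
2017-05-12T15:03:40Z 10.0.4.23 Iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.COM. A NOERROR
2017-05-12T15:03:58Z 10.0.9.8 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com A NXDOMAIN
2017-05-12T15:04:02Z 10.0.4.23 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com A NOERROR
malformed line
2017-05-12T15:05:00Z 10.0.4.30 notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com A NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def normalise(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def find_kill_switch_lookups(log_text, domain=KILL_SWITCH):
    """Return {client_ip: summary} for every host that queried the domain."""
    hosts = defaultdict(lambda: {"count": 0, "first_seen": None,
                                 "last_seen": None, "unresolved": False})
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, qname, _qtype, rcode = match.groups()
        if normalise(qname) != domain:
            continue  # exact match only; look-alike names are ignored
        h = hosts[client]
        h["count"] += 1
        # ISO-8601 UTC timestamps of the same shape sort lexicographically.
        h["first_seen"] = min(filter(None, (h["first_seen"], ts)))
        h["last_seen"] = max(filter(None, (h["last_seen"], ts)))
        # Per the article, encryption starts when the check fails.
        h["unresolved"] = h["unresolved"] or rcode.upper() != "NOERROR"
    return dict(hosts)

def triage(hosts):
    """Hosts whose check failed come first, then by IP string."""
    return sorted(hosts, key=lambda ip: (not hosts[ip]["unresolved"], ip))

if __name__ == "__main__":
    found = find_kill_switch_lookups(SAMPLE_LOG)
    for ip in triage(found):
        print(ip, found[ip])
```

Because the check has to succeed for the ransomware to stop, the domain should stay resolvable on networks that filter DNS.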
Some analysts are suggesting by sinkholing the domain we stopped the infection? Can anyone confirm?
— MalwareTech (@MalwareTechBlog) May 12, 2017
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
— MalwareTech (@MalwareTechBlog) May 13, 2017
Check out BleepingComputer’s ongoing coverage of this ransomware attack (WanaCrypt0r, WannaCry, Wana Decrypt0r).
You will be happy to know how this ransomware outbreak was temporarily stopped by the “Accidental Hero” MalwareTech. Read in detail here how they stopped this ransomware by just registering one domain for $10.69 and using it as a KILL SWITCH.
Do you know who the guy is who saved the world from this ransomware attack?
He is a 22-year-old British cyber security researcher who found this kill switch from a small bedroom at his parents’ house. His name is Marcus Hutchins. Check out more about him at Business Insider.