Global ransomware WannaCry (WanaCrypt0r 2.0) cyber attack downs Windows computers massively around the world
by CIRT Team
A massive ransomware attack has affected computer systems across the world. Security researchers say the attack, which uses a Windows exploit first developed by the United States National Security Agency, shut down computer systems across several countries. The ransomware, called WannaCry (also known as ‘Wana Decrypt0r,’ ‘WannaCryptor’ or ‘WCRY’), has hit the computer systems of hundreds of private companies and public organizations across the globe.
Like other ransomware variants, WannaCry also encrypts all the data on a computer system to block access and decrypts it only after the computer user/owner agrees to pay a ransom, usually in bitcoin. Once infected with the WannaCry ransomware, victims are asked to pay up to $300 in bitcoin in order to remove the infection from their PCs; otherwise, their PCs remain unusable, and their files remain locked.
UK publication The Guardian reported that as many as 16 National Health Service trusts, some of which oversee several hospitals, were affected in the attack and that hospital staff were unable to access patient records. Hospitals are a common target of ransomware attacks, perhaps because their dependence on patient records makes them likely to pay up quickly and easily. Another report says 85% of computers at the Spanish telecom firm Telefonica have been infected with this malware.
Heat map of the world showing the regions affected by this ransomware, prepared by Kaspersky Lab.
WannaCry uses a Microsoft Windows exploit that was made public after a group of hackers called Shadow Brokers released files and hacking tools purportedly belonging to the American NSA, the US’s premier signals intelligence agency. The WannaCry attackers are leveraging this Windows exploit, called EternalBlue, harvested from the NSA. Microsoft released a patch for the vulnerability in March (MS17-010), but many users and organizations that did not patch their systems remain open to attack. BGD e-GOV CIRT has also published security alerts regarding this.
The exploit can penetrate machines running unpatched versions of Windows XP through 2008 R2 by exploiting flaws in the Microsoft Windows SMB Server. This is why the WannaCry campaign is spreading at an astonishing pace. Once a single computer in your organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers and infects them as well. It is unclear how the WannaCry ransomware is infecting systems, but an obvious attack vector can be phishing emails or victims visiting a website containing malware.
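The worm behaviour described above, where one infected computer looks for other vulnerable machines over SMB, appears on the network as a single host contacting many distinct machines on TCP port 445 in a short time. The detector below is an added example, not part of the original advisory; the flow-record layout, the 60-second window, the threshold of 20 destinations and all IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SMB_PORT = 445           # SMB over TCP
WINDOW_SECONDS = 60      # assumed sliding-window length
FANOUT_THRESHOLD = 20    # assumed: distinct SMB destinations per window

def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    # Normal client: talks repeatedly to the same two file servers.
    for t in range(0, 300, 10):
        flows.append((t, "10.0.0.5", "10.0.0.10" if t % 20 else "10.0.0.11", 445))
    # Worm-like host: one new SMB destination every second.
    for i in range(1, 41):
        flows.append((100 + i, "10.0.0.66", f"10.0.1.{i}", 445))
    # Busy web client: many destinations, but not SMB.
    for i in range(1, 41):
        flows.append((100 + i, "10.0.0.7", f"192.0.2.{i}", 443))
    return flows

def find_smb_fanout(flows, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src_ip: (first_alert_time, distinct_destinations)} for every
    source that reaches `threshold` distinct SMB peers inside `window` seconds."""
    recent = defaultdict(deque)   # src -> (time, dst) pairs still in the window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop connections that have aged out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold and src not in alerts:
            alerts[src] = (ts, distinct)   # keep only the first alert per host
    return alerts

if __name__ == "__main__":
    for host, (when, count) in find_smb_fanout(build_sample_flows()).items():
        print(f"ALERT {host}: {count} distinct SMB peers by t={when}s")
```

A host flagged this way is a candidate for isolation and for checking whether the MS17-010 patch is installed; the threshold needs tuning against normal file-server and backup traffic.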
How to Protect Yourself from WannaCry
- If you haven’t patched your Windows machines and servers against the exploit (MS17-010), do it right now. To do this, update Windows immediately using the Windows Update feature. Check the BGD e-GOV CIRT security advisories for details of the exploit.
- Always be suspicious of unsolicited documents sent by email, and never click on links inside those documents without verifying the source.
- Keep a good backup routine in place that copies important files to an external storage device that is not always connected to your PC.
- Finally, make sure that you run an active, up-to-date anti-virus security suite on your system, and most importantly, always browse the Internet safely.