WannaCry is arguably the most frightening ransomware attack the world has ever seen. Since Friday, it has hit more than 200,000 victims in 150 countries, including hundreds of large corporations. Though governments and companies have been able to gain the upper hand, the ransomware could be back in a big way. WannaCry is not just ransomware, but also a worm. Once it gets into your computer, it looks for other computers on the network to spread itself as widely as possible.
WannaCry uses NSA’s EternalBlue and DoublePulsar
Ransomware is malicious software that encrypts files on your computer and then demands payment to decrypt them. WannaCry exploits a vulnerability in the Windows operating system that was first identified by the National Security Agency (NSA). Shadow Brokers, the group behind WannaCry, stole the exploits from a secret NSA server.
The ransomware targets the MS17-010 vulnerability in Windows SMB. WannaCry uses NSA’s EternalBlue exploit to leverage the MS17-010 vulnerability. Security experts have discovered that the ransomware also uses NSA’s DoublePulsar as the backdoor. Interestingly, Microsoft had patched the vulnerability right before the stolen data was published in March. Security experts believe that the NSA might have tipped off Microsoft about the flaw.
After the WannaCry attack, Microsoft went out of its way to ensure the safety of users. The software giant has dropped support for older versions such as Windows XP and Windows Server 2003, as well as the widely-criticized Windows 8. Organizations still using any of the unsupported platforms will get regular security updates only if they pay enormous fees for “custom support.”
The ransomware targets all versions of Windows before Windows 10 if they have not been patched for MS17-010. To protect users, Microsoft broke its own rules and released a free security update to fix the flaw even for unsupported Windows platforms. People who don’t install security updates and patches are most vulnerable to the attack.
How to protect your computer from WannaCry
The good news is that the flaw does not exist in Windows 10. Users of Windows 7, Windows 8.1 and Windows Vista can protect themselves by running Windows Update on their computer. For people still running unsupported platforms such as Windows XP, Windows Server 2008, and Windows 8, Microsoft has made the patch available for free on its website. Just go to Microsoft’s website and install the update.
The ransomware is spreading through email, and is evolving rapidly to attack more computers, including Apple devices. Be wary of malicious email attachments and links. Phishing emails are the primary way WannaCry ended up on corporate networks.
Many anti-virus tools including Microsoft’s Windows Defender now recognize and block the ransomware. But since newer variants of WannaCry are emerging rapidly, one or more of them could break past defenses. Corporations need to run “penetration tests” against their networks’ security, and ensure that all incoming and outgoing emails are scanned for malicious links and attachments.
It is equally important to back up all the important data on your computer. That way you won’t lose your data if your computer gets held for ransom. That brings us to another important point.
Should you pay the ransom?
If you are a victim of the latest ransomware attack and $300 is no big deal for you (or your data is more valuable than $300), should you pay the ransom to regain control of your computer? A Twitter bot tracking payments to Bitcoin wallets set up by Shadow Brokers reveals that dozens of people have paid the amount in Bitcoin.
However, security experts have warned against paying the ransom. First, you’ll be contributing funds towards future crime. Second, since you are dealing with criminals, there is no guarantee that your files will be restored after you have paid them.
Security experts said there is little chance the victims will regain access to their files, even if they do pay, because of the way WannaCry is designed. Victims have to contact the criminals for a decryption key to unlock their files. Prof Alan Woodward of the University of Surrey doubts whether anyone would return your contact request, considering the amount of attention they are getting from all corners.
Microsoft president criticizes NSA
Microsoft president and chief legal officer Brad Smith lashed out at the National Security Agency (NSA) for its role in turning a Windows security flaw into a weapon for cyber criminals. He said the virus attack that crippled computers worldwide proves that “stockpiling of vulnerabilities by governments” is a major problem. The NSA allowed its data to be stolen from its servers by hackers, who used it to launch the biggest ransomware attack in history.
Brad Smith likened the WannaCry attack to the US military having its Tomahawk missiles stolen.