A prodigious cyber attack hit organisations around the globe using tools stolen from the US NSA (National Security Agency). There are reports of 150 countries affected since Friday, including Russia and China. The most serious attack was in the UK, on the NHS (National Health Service).
The ransomware attack happened on Friday and is considered to be one of the biggest so far, hitting organisations from the Russian Interior Ministry to FedEx, a delivery firm. Reports say around 40 NHS organisations were hit, affecting their operations and causing appointments to be cancelled.
What is Ransomware?
The word is a combination of "ransom" and "software", and refers to any kind of malware that demands a ransom from a user in exchange for the return of the kidnapped files. This threat works like kidnapping in real life, except that the things held captive are files: multimedia files, office files, system files that your system relies on, or your confidential data.
How does it spread?
Typical methods include attachments in unsolicited emails, links in emails that claim to be from a delivery company or a bank, and peer-to-peer file sharing networks, where it is passed around as activation keys for popular software such as Microsoft Office, Adobe, etc.
Types of attacks:
- File coder: Encrypts the files on your system so that they can be read only once decrypted.
- Lock screen: Locks your computer and stops you from using it until you pay the ransom.
Fig: Countries affected in the first few hours, according to Kaspersky’s research.
How does the malware work and who’s behind it?
This attack was deployed via a worm, a program that spreads by itself between computers. Once it enters an organisation, the worm hunts down all the vulnerable machines and infects them. Many experts reported that the attack was built to exploit a weakness in Microsoft systems, identified by the NSA and named EternalBlue. A group of hackers known as The Shadow Brokers stole the NSA tools and made them freely available in April, claiming it was a protest against US President Donald Trump.
Many computers in hospitals were running Windows XP; Microsoft stopped supporting this OS in 2014, which left it vulnerable to attacks. The government also warned the NHS to upgrade from Windows XP, but the NHS took no action on the matter and left an opportunity open for hackers to attack the systems.
The WannaCry attack above was demonstrated in a safe environment on a security researcher’s system. The virus took over the user’s files and demanded $300 to restore them.
Organisations in Europe and Asia are warning employees not to click on links or attachments in emails. The ransom should not be paid, as there is no guarantee that the files will be restored.
Microsoft argues that it should not be obliged to update all users, rather than just those who pay extra for security on older versions. For an individual, an update is not a huge task, but for the network of a big organisation like the UK’s NHS it will obviously be expensive and complex.
6 Easy Steps to Protect Yourself
Currently, there is no tool or solution for WannaCry decryption, so users are strongly advised to follow preventive measures to protect their systems.
- Keep your system up to date: First of all, if you are using a supported but older version of the Windows operating system, keep your system up to date, or simply upgrade your system to Windows 10.
- Using an unsupported Windows OS? If you are using an unsupported Windows version such as Windows XP, Server 2003, Vista or 2008, you should apply the emergency patch released by Microsoft today.
- Enable Firewall: Enable the firewall, if not already done, on individual systems or across an organisation.
- Keep your Antivirus software up to date: Virus definitions released recently have already been updated to protect against this latest threat.
- Back up Regularly: Always have a good backup in place, keeping a tight grip on all your critical and confidential data by copying it to an external storage device that is not always connected to your PC.
- Beware of Phishing: Always be wary of unsolicited documents sent by email, and never click on links inside those documents without verifying the source or the individual.