WannaCry exploits a recent vulnerability in the Windows OS and works on the idea that holding user data “hostage” is more effective than stealing it.
After just over two days, WannaCry has affected 10,000 organizations and 200,000 individuals in about 150 countries, according to the BBC. It is also considered the most dangerous malware in the world today. Hospitals, health organizations, charities and corporations in countries such as Britain, the USA, Russia, India … have been affected, and the data loss has a serious impact not only on the economy but also on people's lives and security.
What is WannaCry?
WannaCry is a variant of ransomware. The software is also known as WannaCrypt0r 2.0 or WCry. Users are familiar with the concept of malware, but that is only a general name for software that is harmful to a computer. Ransomware, more specifically, is malware that takes over the computer’s data and prevents the user from accessing it until a ransom is paid. According to Mr. John Villasenor, a professor at the University of California, Los Angeles, ransomware is dangerous because it “understands” which data is most important to the user. Holding data “hostage” is more effective than just stealing or deleting it.
Why do computers get infected with WannaCry?
In most cases, the malware infects computers via links or attachments in messages or phishing emails. It is usually hidden behind a URL with a compelling offer, in downloads of pirated applications, or in email attachments. When users click on these links, their computer is infected and the malicious software can be installed automatically.
Segura, a senior intelligence researcher at Malwarebytes, recommends that users never click on links in unfamiliar emails. Tricking a victim into opening a link that runs malicious code is not a new technique, but many people still fall for it.
WannaCry’s mechanism of action
As its name implies, WannaCry is malicious code used for extortion. Once installed on a computer, WannaCry finds all the files on the hard drive, encrypts them, and leaves the owner a message. To decrypt the files, the user has to pay.
It encrypts the data with a private encryption key that only the attacker knows. If the ransom is not paid, the data will be lost forever.
When a computer is compromised, attackers often find ways to reach its users. WannaCry replaces the wallpaper and automatically opens a window with specific instructions on how to pay to restore the files. These instructions are even fully translated into the languages of most countries. The amount demanded is usually between $300 and $500. The price can double if the ransom is not paid after 3 days. In the case of WannaCry, the criminals demand the ransom in bitcoin, a virtual currency, which makes it difficult for law enforcement agencies to track them down.
Why is WannaCry more dangerous than other ransomware?
WannaCry and its variants exploit a vulnerability in the Windows operating system that the US National Security Agency (NSA) had been holding. Cybercriminals used the NSA's tools to spread the ransomware.
This serious flaw in the Windows operating system was only discovered in February this year. Microsoft released the patch in early March, but many computers around the world did not receive the update. This matters particularly in developing countries, where “pirated” copies of the operating system and applications are in use. Companies and organizations that restrict external connections are also unlikely to apply patches in time. This is why hospitals and medical organizations in the UK, the Spanish telecommunications company Telefónica and the US courier service FedEx are on the list of the most affected victims.
How to limit the damage?
According to security experts, the first step is to be extremely cautious with every message you receive. But John Villasenor, a professor at the University of California, Los Angeles, said there was “no perfect solution” against this attack.
Users should regularly back up their data to make sure they can get it back whenever they need it. Having backups spares owners from paying large sums in ransom.
The attack exploited a vulnerability in Windows, but Microsoft has released a patch for it. Users need to update to the latest version of Windows immediately so that the malicious code cannot exploit the flaw. Not opening strange or fake emails is also something to observe strictly during this time.