Ransomware is malicious software that infects a computer and blocks the user's access to it until a ransom is paid to unlock it. WannaCry, also known as WannaCrypt0r or WannaDecrypt0r, is ransomware that targets computers running the Windows OS.
WannaCry infects vulnerable Windows machines, encrypts everything, and presents the victim with a multilingual pop-up message demanding a $300 ransom in Bitcoin in exchange for the safe return of the files.
WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA).
The cyber attack was launched on Friday 12, 2017 and reports indicate that it has infected more than 230,000 computers in over 150 countries worldwide. The attack spreads by multiple methods, including phishing emails and, on unpatched systems, as a computer worm.
According to reports, three or more hardcoded bitcoin addresses, or “wallets”, are used to receive the victims' payments. As with all such wallets, their transactions and balances are publicly accessible even though the wallet owners remain unknown. To track the ransom payments in real time, a Twitter bot dubbed “actual ransom” has been set up. As of the time of publishing this article, 151 payments totaling 24.75899797 bitcoins ($42,640.91) had been made.
A patch to remove the underlying vulnerability in supported Windows versions (i.e., Windows Vista and above) was issued by Microsoft on 14 March 2017. Due to the scale of the attack, Microsoft took the unusual step of also releasing updates for all older unsupported operating systems from Windows XP onwards.
However, delays in applying security updates have left many users vulnerable.
The attack affected many hospitals in England and Scotland, and up to 70,000 devices including computers, MRI scanners, blood-storage refrigerators and theatre equipment are reported to have been affected.
The Communications Authority of Kenya (CAK) through the National Kenya Computer Incident Response Team Coordination Centre released a press statement to discourage people from paying the ransom in case they are attacked and advised the public to ensure their Windows devices are up to date.
Here are some preventive measures:
- Keep an up-to-date backup of your important files offline, so that if your computer is attacked, you can restore your files from the backup.
- Ensure that your anti-virus is working and up to date.
- Avoid clicking on links or opening attachments or emails from sources you don’t know.
- Do not download anything whose contents you are not sure of.
In the unlikely case that your computer gets infected, keep calm and don’t pay the ransom. Simply use your backup to restore your files. Please note that this does not guarantee you will get all your files back, but you will definitely have your machine up and running once again.