Wanna Cry Ransomware: A Complete Guide


It is clear that the world today is heavily dependent on IT solutions for day-to-day tasks, be it home automation, reservations, or communication.
But things recently went horribly wrong for people whose machines were hit by a new virus known as "Wanna Cry." It is a virus that has recently affected more than 3 million computers running Microsoft's Windows OS 8.1 and earlier.


THE OUTBREAK

The virus is known to have initially broken out on the past Friday, May 12th, 2017, with the first systems being affected in Asia. Within a day the code was reported to have infected more than 230,000 computers in over 150 countries.


Countries affected by the initial outbreak

The virus was able to exploit a vulnerability in old systems running Windows 8.1 and earlier that had not installed Microsoft's latest April 2017 security patch via Windows Update. Those still running unsupported versions of Microsoft Windows, such as Windows XP and Windows Server 2003, were at particularly high risk because no security patches had been released since April 2014.

THE VIRUS

The virus, when installed on a computer, encrypted all the user files and demanded cryptocurrency from the user in exchange for the decryption key. It was later categorized as a network worm as it spread itself via the internet.
Once launched, WannaCry tries to access a hard-coded URL (the so-called kill switch); if it can't, it proceeds to search for and encrypt files in a slew of important formats, ranging from Microsoft Office files to MP3s and MKVs, leaving them inaccessible to the user. It then displays a ransom notice, demanding $300 in Bitcoin to decrypt the files.
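
One way a defender can use the kill-switch behaviour described above, as an added example that is not part of the original article: it scans DNS resolver logs for clients that looked up the kill-switch name and triages them by whether the lookup resolved. The domain `killswitch.example`, the log format and the sample lines are constructed placeholders (the article does not give the real URL), and DNS resolution is assumed to stand in for "can access the URL".

```python
import re
from collections import defaultdict

# Assumption: placeholder name; the article does not give the real hard-coded URL.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Constructed resolver log lines (format invented for this example):
# <timestamp> client=<ip> query=<name> rcode=<DNS response code>
SAMPLE_LOG = """\
2017-05-12T08:01:10Z client=10.0.4.17 query=www.example.org rcode=NOERROR
2017-05-12T08:01:12Z client=10.0.4.17 query=killswitch.example rcode=NXDOMAIN
2017-05-12T08:03:40Z client=10.0.9.3 query=KillSwitch.Example. rcode=NOERROR
2017-05-12T08:04:02Z client=10.0.4.22 query=killswitch.example rcode=SERVFAIL
2017-05-12T08:05:30Z client=10.0.4.22 query=killswitch.example rcode=NOERROR
2017-05-12T08:06:00Z client=10.0.7.8 query=notkillswitch.example rcode=NOERROR
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) rcode=(\S+)$")


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch name to a triage status.

    'failed-lookup': at least one lookup did not resolve, so per the behaviour
    described above the malware would have gone on to encrypt files.
    'resolved': every lookup resolved, so the kill switch likely fired; the
    host still ran the malware and needs cleanup.
    """
    outcomes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        _ts, client, query, rcode = m.groups()
        # DNS names are case-insensitive and may carry a trailing root dot.
        if query.lower().rstrip(".") == domain:
            outcomes[client].append(rcode.upper())
    return {
        client: "resolved" if all(r == "NOERROR" for r in rcodes) else "failed-lookup"
        for client, rcodes in outcomes.items()
    }


if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{status}")
```

Every client in the result executed the malware; the `failed-lookup` ones are the first to isolate, because the kill switch did not stop encryption there.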

WHAT WE LEARNT 

Ironically, the system vulnerability that Wanna Cry exploited had already been detected and fixed in the April security patch released by Microsoft for Windows 7 & 8.1 machines. The updates were flagged as "Critical", but many organizations still didn't install them.
