You got an email from a new email user this morning and it has an attachment. Then You want to check the attached file which you think has some important information. When you clicked on it and probably your system stuck. Later on when you checked all your documents and pictures are changed to some random values with XXXX in them. Now you cannot see your pictures and your documents are not opening in their respective programs. This happened due to ransomware attack.
What is Ransomware?
A Malicious software which can encrypt your documents files and show you a message to contact hacker for ransom money. Usually a bitcoin digital money. Most dangerous thing about ransomware is that it is impossible to recover files without paying the ransom.
The new version of ransomware which hit the world few days early is the Wannacry ransomware. According to a report Ransomware virus hit about 230,000 systems worldwide. The UK’s health organization NHS is one of the major victims. It mostly hit the windows versions which were not up-to-date.
Wannacry damage to systems around the world.
How it attack?
Emails with ransomware attachments are always circulating on the internet from many years. You may have got many of them in your spam mails. It cannot harm you unless you execute them. There is a big mis-computation that ransomware is spreading and there is nothing to stop it and it will break the whole internet. It’s rather easy to avoid them when you are cautious about the email attachments and keep your antivirus and operating system up to date.
With great power comes great responsibility, if you are an Admin or a Manager who has access to all of the company files. A single mistake like this can bring your company down. Ransomware are mostly automated attacks and they can only trigger if someone execute them. But after execution they can spread across insecure network like a worm. Also they cannot do damage to routers, switches, Linux and Mac systems.
How NHS got affected of Wannacry?
Report says that it attackd on outdated computers. Also four in five hospitals were unaffected. The affected hospital has got some security software updates from provider which were also not applied.
We have tested a version of ransomware and it was very threatening to documents on the system. There is no way you can recover the documents, it is only possible with a secret key from hacker, which can decrypt the files. Mostly hacker have left their signature and contact information. It mostly hit the documents and multimedia files. Ransomeware doesn’t affect system file. There is a version which can lock down your PC as well but I guess it’s rare.
Most dangerous thing about it?
The most dangerous point of Wannacry was that it was behaving like a worm and it was spreading through the smb/cifs protocol vulnerability in Microsoft operating system. It could have done more damage but it is said that there was an unregistered domain mentioned in the kill-switch of the Wannacry. A malware tech guy identified that domain, he registered it and that kill-switch got activated. It helped in stopping of Wannacry spread and it helped in identifying the affected systems.
How does it spread?
It mostly spread through emails and websites which has infected download links mostly the files convert into zip format and when you click on them they will hang your system during this system hang period ransomware starts accessing all your documents, photos and multimedia files and starts encrypting them. The encryption of large number of files is a highly CPU intensive task and it makes your system stuck and it will stop responding to mouse and keyboard inputs.
Ransomware goes to all the targeted files which you have access suppose your system is connected to your phone, external hard disk and a network drive. So all the documents files which your PC has access to at that time will get encrypted and become unsable. Antivirus can detect most of the ransomware but there is always a new version of ransomware, which can reach your system undetected if you are not following proper security measures.
Backups are the most important thing which can save you. I know it is not in our nature to take backups unless we got hit by a disaster but it is always best to have a backup plan, so that you can recover to a week early, rather than starting over a new company.
Ransomware are a new breed of malware which can cause damage through mostly email attachments. But websites download lniks also contain ransomware viruses, software cracks and can spread via USB and insecure networks with insecure shares. If you keep you computer and operating system update, you can avoid it. Avoid opening email attachments from unknown users. Awlays Avoid sharing your files with everyone on the network. Avoid use of USB unless you are sure it is clean.