Internet Security

What is WannaCry and How Does Ransomware Work?

Written by twitiq

Ransomware is a type of a cyber-attack that has affects a computer system allowing hackers to take control of it and blocks all access to it until a ransom is paid by the users. To gain access to the system, the cyber criminals have to download harmful software onto the device that’s in the network and they often do this by tricking the users in clicking a link that downloads it onto the system. Learn python for network engineers is a must for handle this type of ransomeware cyber attack effectively.

Through the downloaded software already on the system, the hackers can Ransomeware attack all of the user’s files that it can find within a network and lock it. This is usually a gradual process where the files are encrypted one by one.

Big companies with elaborate security systems are able to identify this occurring and can single out documents to reduce the damage. However, individual users may have a hard time due to lack of such security systems which could result in losing out on all of their data.

Once all the files are locked, cyber criminals demand for a payment to be made in order to unlock the files on the victim’s computer. The payment is usually asked to be made in the form bitcoin which is the online cryptocurrency.

WannaDecryptor – What is it?

WannaDecryptor is also known as WannaCry or wcry for short and is a specific ransomware program that locks all the files and data on a system and only leaves two files for the user. One being the set of instructions on what to do next and the other, the WannaDecryptor program itself.

When opened, the ransomware software tells the user that all their files have been encrypted and gives them a few days’ time to make a payment failing which their files will be deleted. Ransomware asks for the payment in Bitcoin, giving instructions on how to purchase it and also provides a Bitcoin address to send the payment to.

Most of the computer security companies can bypass the ransomware software with the help of ransomware decryption tools that they have. This was used in a wide-scale cyber-attack that affected many big organisations across the world, a few being the NHS and the Telefonica in Spain.

Protection against Ransomware

In order to be immune to the ransomware attack, one must back up all the files in a completely separate system. Hence, in the future, in case of an ransomware attack, no information or data will be lost.

It is difficult to stop the hackers before they launch a ransomware attack but a few precautionary measures could be taken. The cyber criminals need to download the harmful software onto the user’s computer, phone or any other connected device. Very often, the hackers install the virus through infected emails and websites.

For example, the attackers could send a phishing email to an employee posing as if it’s a mail from their boss, asking them to check out a link. But it actually links them to a malicious website that secretly downloads the virus onto the system. A device can also get infected by downloading a harmful program or application or just by visiting a website that contains infected advertisements too.

The best approach to prevent such ransomware mishaps is to be cautious of unsolicited emails and rather than clicking on the link. The website can be checked out by typing out the web address in another window.Another precaution is to make use of antivirus programs that can scan a file before it is downloaded, block secret background installations and search for malware that may already be present on the computer.

Sophisticated and elaborate defences have been developed by cyber security companies which include machines that fight against the hackers once spotted on a system. The Antivirus should be updated on all the systems and the latest software patches from Microsoft should be downloaded.

One can also ensure that smart screen (in Internet Explorer) is left turned on which assists in spotting reported phishing and harmful websites, thus helping the user make reconsider before making any downloads. A pop-up blocker is also useful as it automatically blocks unwanted websites from opening automatically. For higher security, the security tools available on the IT ministry website can be used.

What Should Ransomware Victims Do?

Though there is no permanent solution to the problem, there are a few blind spots that one could take advantage of to either control the damage or prevent it from spreading.

According to Cert-In, the system’s user should immediately disconnect it from the internet to prevent it from spreading to other systems. Since the ransomware encryption is done one file at a time, the user should immediately make an attempt to back up the remaining files in order to try and salvage as much data as one can.

If all the files are found to be locked, it is advisable for the victims to refrain from paying the ransom as it will further encourage the hackers. Even if the payment is made, there is no surety that the files will be returned to them intact. The best thing to do in such a situation is to restore all the files from the backup that was created. If that is not possible, there are some tools available that help recover a part of the lost information.

What is Bitcoin?

Often hackers demand payment in the form of Bitcoins usually between 0.3 and 1 Bitcoins, which is £400 – 1,375, but there is a possibility that they can demand a payment in dollars but made via Bitcoin. Cyber criminals usually demand payments through this digital currency since it is unregulated and practically untraceable. Although it is impossible to trace, the amount of the payment made is however public information. The amount may seem small to charge, but these ransomware attacks are wide-spread, so the payments altogether can be a huge amount.

Kill Switch

To prevent the spread of WannaCry, a Cyber-security researcher discovered a “kill-switch”, which was in fact by accident. The researcher, a twitter user,tweeted that the registering of a domain name that was by the malware, stopped itsspread. However, it did not help the computer systems that were already affected by this ransomware attack. He also warned that the threat was not yet fully averted as the culprits behind this ransomware attack could come up with a new way by changing the code and trying again. He warned users to update the patches on their systems since the attackers would definitely try again.

About the author