Cyber Threats Alert - 'Biggest ransomware attack in history' 13-05-2017

What you need to know about the Ransomware (WannaCry)

WannaCry ransomware spreads aggressively across networks, holds files to ransom

What has happened?

On May 12, 2017, a new strain of the Ransom.CryptXXX (WannaCry) ransomware began spreading widely, impacting a large number of organizations, particularly in Europe and Asia.

What is the WannaCry ransomware?

WannaCry encrypts data files and asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

What are best practices for protecting against ransomware?

  • New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
  • Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  • Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
  • Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that backups are appropriately protected or stored offline so that attackers can’t delete them.
  • Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.

WannaCry encrypts files with the following extensions, appending .WCRY to the end of the file name:

.lay6, .sqlite3, .sqlitedb, .accdb, .java, .class, .mpeg, .djvu, .tiff, .backup, .vmdk, .sldm, .sldx, .potm, .potx, .ppam, .ppsx, .ppsm, .pptm, .xltm, .xltx, .xlsb, .xlsm, .dotx, .dotm, .docm, .docb, .jpeg, .onetoc2, .vsdx, .pptx, .xlsx, .docx
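As an added example (not part of the original alert), the following triage scan walks a directory tree, finds files carrying the .WCRY suffix described above, and records whether the original extension is on the alert's list. The function names and sample file names are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions listed in the alert as encrypted by WannaCry.
TARGETED = set((
    ".lay6,.sqlite3,.sqlitedb,.accdb,.java,.class,.mpeg,.djvu,.tiff,.backup,"
    ".vmdk,.sldm,.sldx,.potm,.potx,.ppam,.ppsx,.ppsm,.pptm,.xltm,.xltx,.xlsb,"
    ".xlsm,.dotx,.dotm,.docm,.docb,.jpeg,.onetoc2,.vsdx,.pptx,.xlsx,.docx"
).split(","))
MARKER = ".wcry"  # suffix the alert says is appended (matched case-insensitively)


def classify(filename):
    """Return (original_ext, on_alert_list) for a *.WCRY name, else None."""
    lower = filename.lower()
    if not lower.endswith(MARKER):
        return None
    ext = os.path.splitext(lower[: -len(MARKER)])[1]
    return ext, ext in TARGETED


def scan(root):
    """Walk root; return (hits, per-directory hit counts)."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            result = classify(name)
            if result:
                hits.append((os.path.join(dirpath, name), *result))
                per_dir[dirpath] += 1
    return hits, per_dir


def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    names = ["report.docx.WCRY", "budget.xlsx.wcry", "notes.txt.WCRY",
             "photo.jpeg", "db/app.sqlite3.WCRY"]
    for rel in names:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, per_dir = scan(tmp)
        for path, ext, listed in sorted(hits):
            print(f"{ext:10} listed={listed!s:5} {path}")
```

Any .WCRY hit warrants isolating the host; the per-directory counts help show which shares were reached and which backups need to be restored.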

WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows. Computers which do not have the latest Windows security updates applied are at risk of infection.

About Ransomware:

What is ransomware?

Malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it.

Where did ransomware originate?

The first documented case appeared in 2005 in the United States, but quickly spread around the world.

How does it affect a computer?

The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened, it encrypts the hard drive, making it impossible to access or retrieve anything stored there – such as photographs, documents or music.

How can you protect yourself?

Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection.