What You Need to Know About “WannaCry” Ransomware

Created at May 16, 2017

As has been widely reported, a well-orchestrated ransomware attack swept the world this past Friday, wreaking havoc in over 150 countries. Hospitals had to turn away patients and, as of Monday morning, approximately 200,000 systems in a wide variety of industries around the globe had been infected with the malware. This is the most extreme attack we have seen so far in 2017 and unfortunately, there is no permanent fix. Patch your systems and have proper security because this is not going away.

The ransomware infects files and user data and demands payment for their return. Reports stated that the ransom started at $300 in bitcoin; after 3 days it would increase to $600 in bitcoin, and after a full week with no action or payment, all encrypted data would be destroyed.

WannaCry may have become a global attack this past Friday; however, Microsoft was aware of it and released a security patch earlier this year for vulnerabilities in Windows software. Many were affected because they lacked security updates or were using older versions of Windows, leaving users susceptible to attacks on their files and systems. Although the malware was first detected in March and used by the NSA, there was a report that it was publicly stolen from the U.S. National Security Agency about a month later. The malware is believed to have been stolen by a well-known hacker crew, The Shadow Brokers.

The malware drops an encrypted file on the seemingly vulnerable system, which is then executed as a service that drops the ransomware file onto the affected system. Approximately 165 extensions are vulnerable to the attack, including commonly used Microsoft extensions such as .docx, .gif, .jpg, and many others.

While unusual, the temporary fix for this particular malware was discovered by a 22-year-old cybersecurity researcher in the U.K. He goes by the Twitter handle @MalwareTechBlog and, by pure luck, managed to derail the entire operation.

Malware Tech noticed that one of the domain names being used in the attacks was not registered. He tweeted that he purchased the domain name, drugs-are.reallyreally.fun, for $3, which let him track the ransomware’s spread and unintentionally disarmed the attackers.

Although Malware Tech has stopped the ransomware's spread for now, that does not mean it is gone for good. You are putting yourself at greater risk without a security appliance and without anti-virus software. Do not become a victim in the future. Protect yourself today.

PC users: install the updates from Microsoft on your machines.

-If at all possible, upgrade from Windows XP.

-Do not open emails, attachments, etc. from senders you do not know.

-Always be aware of suspicious emails with attachments that you did not request.

-Never click on links from questionable sources.

-Any time you download or install files from the internet, you are at risk.

Since this malware was so destructive, for the first time since 2014, Microsoft released a patch for Windows XP. Click here to ensure your security is up to date and you are protected.

Questions or concerns? Contact Blue Layer today to discuss your security options. 
