Sunday, May 14, 2017

New Ransomware encrypts your computer... demands bitcoin, WannaCry?

In an age where even fruit juice squeezers require an internet connection, the chance of getting attacked by a malicious entity seeking revenge, pulling some sinister prank, or skimming a few bucks off retired folks' money transfers is very real. Yet for a while we have taken computer security for granted. Whether due to the lack of a powerful "reality check" or the lack of attention, most of us have left our devices vulnerable to exploits. Now, as of yesterday, over a hundred thousand computers in over a hundred countries have been blocked, encrypted and kept on a sword's edge by a new type of malware. Say hello to WannaCry, the world's most advanced ransomware yet.

WannaCry, also known as WannaCryptor, WannaCryptor 2.0 and Wanna Decryptor, encrypts your whole computer, ATM, medical equipment, display or basically anything running Microsoft's Windows operating system (including Server, RT and others). It then displays a message demanding a ransom of $300 (in Bitcoin) within a set amount of time, or $600 if you fail to pay the $300 in time (ignore it and you will lose all data). The malware has so far rampaged through many Microsoft-equipped computers in Russia (including government departments), the UK (transport and health), India (police and banking systems) and many other countries, with more computers getting infected by the minute.

The ransomware, developed using a Microsoft Windows SMB exploit (ETERNALBLUE) leaked from the NSA, has managed to rat its way through to host computers that were vulnerable to the attack (computers with legacy software and those that didn't install the March MS17-010 update). Microsoft, which has addressed the issue in a fix, is now set to release critical updates for older software versions as well. Currently all versions of Windows (XP, Vista, 7, 8, 8.1 and 10) as well as Server editions from 2003 are not secure until the new patch is released.

Malwaretech and Darien Huss, a third party, were successful in slowing down the spread after they found an unregistered domain in the ransomware code. This prompted them to register it and redirect the domain to Malwaretech's "kill switch" portal, which activates the kill switch coded into the malicious code. But the code is still at large and, according to experts, the creators or another party can simply go through the code again, disable or even remove the "kill switch" function, and repackage it at will.
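Because the kill switch only helps a machine that can actually reach the registered domain, resolver logs are a quick way to find hosts that ran the sample and to separate those that got an answer from those that did not. The following is an added example, not code from this post or from Malwaretech; the domain is a placeholder (the post does not give the real one) and the log format and sample lines are constructed.

```python
from collections import defaultdict

# Placeholder: the post does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log: "<time> <client-ip> <query-name> <rcode>"
SAMPLE_LOG = """\
2017-05-13T09:01:12Z 10.0.0.21 www.example.org NOERROR
2017-05-13T09:01:40Z 10.0.0.34 killswitch-placeholder.example NOERROR
2017-05-13T09:02:03Z 10.0.0.57 KillSwitch-Placeholder.example. NXDOMAIN
2017-05-13T09:02:05Z 10.0.0.57 killswitch-placeholder.example NXDOMAIN
malformed line
2017-05-13T09:03:30Z 10.0.0.34 update.example.net NOERROR
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the kill-switch domain to a status.

    "resolved":   every lookup was answered, so the kill switch could be
                  reached (DNS success is necessary, not sufficient: a
                  proxy or firewall can still block the connection).
    "unresolved": at least one lookup failed, so the kill switch likely
                  did not fire on that run. Investigate these first.
    Every listed host queried the domain and needs checking either way.
    """
    target = domain.lower().rstrip(".")
    rcodes = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated lines
        _time, client, qname, rcode = fields
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") == target:
            rcodes[client].append(rcode.upper())
    return {
        client: "resolved" if all(r == "NOERROR" for r in seen) else "unresolved"
        for client, seen in rcodes.items()
    }


if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(client, status)
```

Networks that sinkhole or block unknown domains at the resolver will show infected hosts as "unresolved", which is why the kill-switch domain should be allowed to resolve rather than blocked.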

So far, due to the sudden risk, users are requested to back up any file to a different system or keep a hard copy backed up. Updating the patches on networked systems will also help stop the spread for now, as will keeping antivirus software up to date (even though many are next to useless in this case, with some exceptions, e.g. Malwarebytes; Avast and Kaspersky are working on a detection system as well). But so far the most secure method is to patch up and back up!

Written by Rakitha for MasHD
Via - malwaretech
