What on Earth Is WannaCry or Wanna Decryptor Ransomware?

Posted by @Teresa

October 9, 2017

Don’t know what the WannaCry cyber attack is? Read on to find out what the WannaCry or Wanna Decryptor ransomware virus is, which file extension it uses and how it spreads to infect computers.

Overview of the WannaCry Cyber Attack

What is the WannaCry virus? WannaCry, also known as Wanna Decryptor, is a “worm” type of ransomware virus. It is around 3.3 MB in size and spreads via the dangerous “Eternal Blue” exploit that was leaked from the National Security Agency (NSA). The ransomware scans for TCP port 445, used by Server Message Block (SMB), which is similar to the way worms spread. It then attacks the host and encrypts the files stored on it. The final purpose is to demand a ransom paid in Bitcoin. The amount demanded is $300 to $600.

On May 14, 2017, a variant of the virus, WannaCry 2.0, appeared; in it, the kill switch was removed and propagation became faster. As of May 15, 2017, WannaCry had attacked at least 150 countries over the network, causing a global cyber attack. Organizations in the financial, energy, medical, education and other industries faced serious crisis-management problems. For instance, because of the file encryption, some hospital operations had to be canceled, and theses and graduation projects were locked as well.

At present, the security field has no effective solution for undoing the encryption and hacking behavior of WannaCry or Wanna Decryptor.

Tips: Bitcoin is a kind of virtual network currency which has no issuer, so its source location cannot be traced. Bitcoin is fairly expensive; currently, 1 Bitcoin is equal to some 1.3 thousand dollars. It can be exchanged for the currencies of many countries and lacks supervision, which makes it popular among illegal network hackers.

WannaCry Infection

When the user’s host system is hacked by the ransomware, a dialog box pops up, stating the purpose of the extortion and asking for Bitcoin. The important files on the hacked host, such as photos, pictures, documents, compressed archives, audio, video, executable programs and so on, are all encrypted and given a special WannaCry file extension: .WNCRY. As covered before, there is currently no efficient way to remove the effects of this virus. Once the host is infected, the only way to get rid of the blackmail is to reinstall the operating system. However, the important encrypted files cannot be directly restored.

WannaCry mainly used a vulnerability in the Microsoft Windows system to gain the ability to spread automatically among computers. It can infect all computers within an intranet in a few hours. After the ransomware lands on a host through remote execution, a compressed package is released from the source folder. The package is decrypted and its files are released in memory via [email protected]. It contains the pop-up window exe, the desktop background image bmp, the language files for the extortion text, and two auxiliary attack exe files. Please note that these files are released to the local directory and are set to hidden.

The following file types are likely to be infected by WannaCry: commonly and less commonly used office files; compressed documents and media files; e-mail and mail databases; database files; source code and project files for developers; keys and certificates; documents for artists and photographers; and virtual machine files.

WannaCry: How Does It Spread?

In most cases the WannaCry malware makes use of two elements to spread and infect. The first is the aforementioned “Eternal Blue” cyber weapon of the NSA. This weapon allows hackers to attack hosts remotely. Secondly, it takes advantage of vulnerabilities on port 445 of the Windows operating system to spread, and it has self-replicating and actively communicating characteristics. Port 445, as the file-sharing port, is open all the time. The WannaCry hackers aimed at this point and let the virus crawl from computer to computer in this way.

Besides, organizations in many countries are still using Windows XP, which has been discontinued by Microsoft. There are no up-to-date patches for this OS either. As a result, these places became the most heavily affected areas.

WannaCry Prevention

After learning what WannaCry ransomware is and how it works, it is important to know how to protect yourself from it. A safe way is to disconnect from the network by unplugging the cable and then boot the computer. Basically, that will help you avoid infection by WannaCry. After booting, install the security patch and anti-virus software as soon as possible. Below are some temporary solutions.

  • Turn on the system firewall.

  • Block connections to port 445 using the firewall's advanced settings (this will affect services that use port 445).

  • Download and install MS17-010, the patch Microsoft released for Windows 7 against this ransomware. Microsoft also released a special patch for Windows XP and Windows Server 2003. Meanwhile, enable automatic system updates so that Windows detects and installs updates.
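
The temporary steps above can be applied and checked from one elevated PowerShell prompt. This is an added example, not part of the original article; the rule name is hypothetical, the KB number is a placeholder to replace with the MS17-010 update for your Windows version, and the `netstat` match assumes English-language output.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# netsh advfirewall exists on Windows Vista/7 and later (not on Windows XP).
$RuleName = 'Block-Inbound-SMB-445'   # hypothetical rule name
$PatchKb  = 'KB0000000'               # placeholder: MS17-010 KB for this Windows version

# 1. Turn on the system firewall for every profile.
netsh advfirewall set allprofiles state on | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Could not enable the firewall; is the prompt elevated?' }

# 2. Block inbound TCP 445. "show rule" exits non-zero when no rule matches,
#    so the rule is added only once however often the script runs.
netsh advfirewall firewall show rule "name=$RuleName" | Out-Null
if ($LASTEXITCODE -ne 0) {
    netsh advfirewall firewall add rule "name=$RuleName" dir=in action=block `
        protocol=TCP localport=445 | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Could not add the block rule.' }
}

# 3. Report the state. The SMB service keeps listening after step 2; the rule
#    only stops inbound traffic from reaching it.
#    Assumption: netstat prints the English state name LISTENING.
$listening = [bool](netstat -an | Select-String -Pattern ':445\s+\S+\s+LISTENING')
$patched   = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

New-Object PSObject -Property @{
    Computer         = $env:COMPUTERNAME
    FirewallRule     = $RuleName
    Port445Listening = $listening
    PatchInstalled   = $patched
}
```

File and printer sharing offered by this host stops working while the rule is in place; remove the rule once the patch is installed if those services are needed.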

WannaCry Prevention for the Long Run

To protect important files from WannaCry infection, free ransomware protection is of great importance. AOMEI Backupper Free is the best free defense against ransomware and can do a lot both before and after you have been hacked. It is user-friendly for both experts and novices. Detailed information follows. Download it and give it a try.

If you’re lucky enough not to have been hacked, congratulations. In that case, you can make some preparations to ensure no file will be lost in the future. That is to say, you can back up all your important files to safe places such as a USB stick, external hard drive or CD/DVD that can be kept away from the network. AOMEI Backupper Free provides System Backup, File Backup, Disk Backup and Partition Backup, which can meet all your backup demands. Just click on "I Want to Backup Data".

If you’ve been hacked by WannaCry ransomware, don’t worry: you can still create an image of the encrypted files. It is said that the encrypted files will be deleted if no payment is made within seven days. So backing up the encrypted files preserves them in another form. If a decryption method is developed in the future, the encrypted files may then be restored. You can create a backup image of these files using the same feature in AOMEI Backupper. Besides, this software also provides a “Create Bootable Media” service that allows you to back up files offline, in WinPE mode.
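
Before imaging the encrypted files, it helps to record which ones exist and what their contents hash to, so the preserved copies can be verified later. The script below is an added example, not part of the original article or of AOMEI Backupper; the default paths are assumptions, and it assumes `.WNCRY` is appended to the original file name.

```powershell
# Added example, not from the original article. Requires PowerShell 4.0+ (Get-FileHash).
param(
    [string]$Root     = 'D:\',                   # assumed: volume holding the encrypted files
    [string]$Manifest = 'E:\wncry-manifest.csv'  # assumed: path on the offline backup media
)

$rows = @(
    Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -ieq '.WNCRY' } |
        ForEach-Object {
            # Assumption: .WNCRY is appended to the original name (report.docx.WNCRY),
            # so the base name still carries the original extension.
            $origExt = [IO.Path]::GetExtension($_.BaseName)
            [pscustomobject]@{
                Path              = $_.FullName
                Bytes             = $_.Length
                LastWriteUtc      = $_.LastWriteTimeUtc.ToString('o')
                OriginalExtension = $origExt.ToLowerInvariant()
                SHA256            = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
)

if ($rows.Count -eq 0) {
    Write-Output "No .WNCRY files found under $Root"
    return
}

# Write the manifest next to the backup image so the copies can be verified later.
$rows | Export-Csv -LiteralPath $Manifest -NoTypeInformation -Encoding UTF8

# Summary: how many files of each original type were encrypted.
$rows | Group-Object OriginalExtension | Sort-Object Count -Descending |
    Select-Object Count, Name
```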

Tips:

  • Just in case, run the backup with the network disconnected.

  • If you want to create bootable media later, go to Utilities > Create Bootable Media.

In the End

What is Wanna Decryptor or WannaCry ransomware? I’m sure you have a clear idea of it now. The key point is to stay calm. If you have been hacked, back up the encrypted files and seek help from professionals. If not, arm yourself and prepare well to fight against the ransomware! A good backup habit needs to be developed urgently.