On May 12th, 2017, a catastrophic malware outbreak hit the interwebs, leaving a trail of devastation in its wake. WannaCrypt, also known as WannaCry, is an insidious ransomware variant that targets PCs running the Windows operating system – Windows XP, Windows Vista, Windows 7, Windows 8, 8.1 and Windows Server 2003 & 2008. The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier) systems, so Windows 10 PCs are shielded from this attack. For those of you running Linux on your machines, you can sit back and continue enjoying your popcorn. The ransomware gains access to your system by surreptitiously getting an unsuspecting victim to click on a suspicious link or to download and open an infected email attachment. This attack vector is known as email phishing. WannaCry then launches itself on the machine and encrypts all the data on your hard disk, rendering it inaccessible. A popup window appears demanding a USD 300 ransom in bitcoin in exchange for getting your data back. The ransom doubles after 3 days, and if it is still unpaid after 7 days your files get deleted.
It’s the biggest ransomware attack in history, taking down over 150,000 systems in more than 100 countries. It has grounded hospitals in the UK, leading to loss of patient data, and some institutions were compelled to turn away patients. Russia & India are the worst hit, with many systems running Windows XP and Windows 7 brought to their knees. The ransomware encrypts a wide variety of files and appends .WCRY to the end of each file name. It propagates to other computers by exploiting a known SMB remote code execution vulnerability in Microsoft Windows.
What makes WannaCry such a bad-ass piece of malware is its ability to propagate itself within corporate networks without user interaction, by leveraging TCP and UDP ports. Computers which do not have the latest Windows security updates applied are at risk of infection. The following file types are affected:
• Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
• Less common and nation-specific office formats (.sxw, .odt, .hwp).
• Archives and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
• Emails and email databases (.eml, .msg, .ost, .pst, .edb).
• Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
• Developers’ source code and project files (.php, .java, .cpp, .pas, .asm).
• Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
• Graphic designers’, artists’ and photographers’ files (.vsd, .odg, .raw, .nef, .svg, .psd).
• Virtual machine files (.vmx, .vmdk, .vdi).
So, how can we keep WannaCry at bay?
1. Always ensure all critical security updates are deployed on your Windows PCs, especially Windows 7 and earlier versions. Of major concern is the MS17-010 security update. It’s highly recommended that you regularly update your PCs so that they get the salient security patches.
2. Refrain from using older versions of Windows, especially Windows XP, which is no longer supported by Microsoft.
3. Disable the SMBv1 protocol on your PCs. For machines running on Windows XP, disable the following ports:
4. Form a habit of always backing up your data, especially to the cloud, so that you can always revert to your backup should you suffer an attack.
5. Invest in robust Antivirus / Internet Security software and ensure it’s always updated.
6. Beware of email phishing. This happens when you are prompted to click on an email attachment whose authenticity and trustworthiness are unverified. Do not fall for this, as it is one of the ways WannaCry targets its unsuspecting users.
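Steps 1 and 3 above can be checked and enforced from an elevated PowerShell prompt. The script below is an added example, not part of the original post: it assumes Windows 7 SP1 / Server 2008 R2 or later, the `-Enforce` switch is a hypothetical name chosen here, and the KB ids are the original MS17-010 packages (later monthly rollups supersede them, so a miss is a prompt to check further, not proof of vulnerability).

```powershell
# Added example (not from the original post): audit and harden a Windows host
# against the WannaCry propagation vector described above (SMBv1 / MS17-010).
# Assumes an elevated PowerShell session. Without -Enforce it only reports.
param([switch]$Enforce)

# Assumption: KB ids of the original MS17-010 packages for Win7/2008R2,
# 8.1/2012R2 and 2012. Later cumulative rollups supersede them, so a miss
# means "verify with a current rollup", not "vulnerable".
$Ms17010Kbs = 'KB4012212','KB4012215','KB4012213','KB4012216','KB4012214','KB4012217'
$installed = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
if ($installed) {
    Write-Output "MS17-010 package present: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning "No original MS17-010 package found; confirm a current cumulative update is installed."
}

# SMBv1 server state. Set-SmbServerConfiguration exists on Windows 8/2012 and
# later; older hosts fall back to the LanmanServer registry value Microsoft documents.
$smbCmd = Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue
if ($smbCmd) {
    $smb1On = (Get-SmbServerConfiguration).EnableSMB1Protocol
    if ($smb1On -and $Enforce) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $smb1On = $false
    }
} else {
    $lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $smb1On = ($null -eq $val) -or ($val -ne 0)   # absent value means SMB1 is enabled
    if ($smb1On -and $Enforce) {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0 -Force
        $smb1On = $false   # takes effect after a reboot
    }
}
Write-Output ("SMBv1 server enabled: {0}" -f $smb1On)

# Block inbound SMB (TCP 445), NetBIOS session (TCP 139) and NetBIOS name/datagram
# (UDP 137,138) on the Public profile only, so domain file sharing keeps working.
# netsh is available on every Windows version the post lists.
if ($Enforce) {
    netsh advfirewall firewall add rule name="Block inbound SMB (WannaCry)" dir=in action=block protocol=TCP localport=139,445 profile=public | Out-Null
    netsh advfirewall firewall add rule name="Block inbound NetBIOS UDP (WannaCry)" dir=in action=block protocol=UDP localport=137,138 profile=public | Out-Null
    Write-Output "Inbound firewall rules added for TCP 139,445 and UDP 137,138 (Public profile)."
}
```

Run it once without `-Enforce` to see the current state, then again with `-Enforce` to apply the changes; the registry path needs a reboot before SMBv1 is actually off.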
Until we take the above precautions, we are all sitting ducks.