WannaCry Ransomware
Download as PPTX, PDF4 likes7,400 views
The WannaCry ransomware attack on May 12, 2017, affected over 200,000 organizations across 150 countries, demanding a ransom in Bitcoin to decrypt locked data. The attack exploited a vulnerability in Microsoft Windows, causing widespread disruption to businesses and healthcare services, particularly in the UK. While a temporary solution was found to halt the ransomware, experts warn of ongoing threats from similar attacks and emphasize the importance of data backup and cybersecurity measures.
WannaCry Ransomware
- 1. WannaCry Ransomware The biggest cyber-attack extortion in the history of the internet.
- 2. What made us cry? > On May 12, 2017 the world witnessed the biggest ever cyber-attack in the history of internet, WannaCry - a ransomware which rendered computers across the globe useless. > WannaCry hit more than 200,000 organizations from over 150 countries, shutting down everything from telecoms in Spain to the Interior ministry of Russia, and affecting 47 NHS trusts in United Kingdom. > It spreads to other computers via a Server Message Block (SMB) remote code execution vulnerability in Microsoft Windows computers (MS17-010). This exploit is named as Eternal Blue. > This malware locked all the data in the computer and displayed a message demanding a ransom in exchange to unblock the data. > The message also indicated that the payment amount will be doubled after three days. Also, the files will be deleted if payment is not made after seven days. Image source: Symantec
- 3. > Ransomware is a malicious software program which encrypts all data in a computer and blocks access to them. > Often, this malware masquerades as an innocent email attachment or a legitimate website link conning users to open it. > Once this malicious file is opened, it attacks the hard drive and encrypts all the files. > A ransom is demanded for decrypting the files and if the user doesn't oblige, the files will be deleted. A very short time frame, usually just a few days, is imposed to rack up pressure. > The ransom is demanded to be paid in the form of digital currency. > The use of ransomeware has become an increasing trend among hackers looking for a quick payout. What is ransomware?
- 4. > WannaCry ransomware demanded $300 worth of the crypto-currency Bitcoin to decrypt the contents of the affected computers. > The payment was demanded in bitcoins as this digital currency, popular among cybercriminals, is decentralised, unregulated and impossible to trace. > Though $300 might look very small, multiplied by 300,000, the approximate number of computers affected by WannaCry, the amount becomes humongous. > But the more important cost - the time lost, the files damaged beyond repair and other unexpected collateral damage caused by the malware, will be very difficult to ascertain. How much was demanded? Why in bitcoins?
- 5. > WannaCry shutdown many businesses across the globe, including the European manufacturing plants of automotive giants Nissan > Healthcare sector was not spared too; Hospitals in UK, including London's Bart Health NHS Trust, had to cut back services, and doctors were forced to turn away patients and cancel appointments, after being forced to shut down equipment to avoid infection. > Though all patients' records and doctors' filed are claimed to be unaffected by WannaCry, one can never be sure. > Overall, organizations are on an overdrive to address these challenges caused by WannaCry: o Disrupted business operations o Risk of losing sensitive or patented information o Financial cost of restoring the systems and data o Dip in organization’s reputation Impact of this attack
- 6. Were we saved? > Marcus Hutchins, a cyber security analyst, offered a temporary solution for WannaCry ransomware. > He analyzed the code used by the worm and found that it referenced a website URL which didn’t exist. > He bought the domain for $10 and forwarded it to a sinkhole server where it couldn't do any damage. This acted as a ‘kill switch’ to disable the code. > Though this ingenious solution may have saved the day, he claims this is definitely not the end to ransomware problems. > His statement definitely hints that we could be in for a major war with ramsomware hackers. Marcus Hutchins says: “We have stopped this one, but there will be another one coming and it will not be stoppable by us. There’s a lot of money in this. There’s no reason for them to stop. It’s not really much effort for them to change the code and then start over. So there’s a good chance they are going to do it… maybe not this weekend, but quite likely on Monday morning”.
- 7. > Victims are advised to not encourage the attackers by succumbing to their demands. Also, there is no assurance that the affected files will be decrypted once the ransom is paid. > The best option is to restore the data from backup. If it isn't an option, try decrypting the files using recovery tools. > Work with data recovery experts who can reverse engineer malware and help gain access to your data. > Ransomware usually exploit the most recently discovered loopholes and drawbacks in software systems‘. It is therefore prudent to have the anti-virus and firewall programs always updated, to prevent infections from originating and spreading. If you're a victim, should you pay the ransom?
- 8. > Though WannaCry may have been stopped for now, it doesn’t mean you’re completely immune to it. > The WannaCry ransomware affects all machines that are using Windows operating system. > A security flaw, originally exploited by the U.S. National Security Agency (NSA), was leaked. It is now being used by hackers to create havoc. If your system runs on Windows OS, it could be at risk. > Experts have predicted that many other ransomware strains will make a round soon. Keep a lookout and secure all your data. > Prevention is always better than cure. So, take all necessary precautions to save yourself from the ransomware attack. Are you at risk?
- 9. > Here are few tips to protect your computer from WannaCry ransomware. > For individuals and small businesses: o Update your Windows software to the latest edition. o Backing up data is key! Make a copy and secure it. o Scan your systems for viruses and malwares using the latest anti-virus software in the market. > For large organizations: o To protect against WannaCry, apply the latest Microsoft security patches. o Backup all your data and store it in a secure location. o Scan all outgoing and incoming emails with attachments. o Update anti-virus software and conduct regular scans. o Spread awareness among employees to identify scams, malicious links and emails. How to protect yourself?
- 10. Don’t let WannaCry make you cry! For more information, click here.