As everyone knows, last year the internet was brought down by a massive Distributed Denial of Service (DDoS) attack using the infamous Mirai malware. But #WannaCry is on another level: within 2-3 days it has already infected nearly 100 countries, with India, Pakistan, the United States, Russia, Australia and the UK among the victims of the cyber attack.
It was reported to have caused major disruption to systems used by hospitals, airports and even shops.
Who carried out this cyber attack?
An unknown hacking group launched this ransomware attack worldwide, and the hacking tools it used were specially made for the NSA (for spying purposes).
The Shadow Brokers group leaked this tool online as part of their hacktivist agenda of accumulating hacking tools developed by agencies for spying purposes.
The name of the tool is “Eternal Blue”, and it specifically exploits a vulnerability in Microsoft Windows.
How does this exploit work?
This vulnerability in Microsoft’s flagship operating system can be exploited using “Eternal Blue”, which blocks access to your computer completely. It then forces you to pay the amount demanded by the hackers, about $400-600, through bitcoin within a set time frame. Some companies have made the payment so that they can unlock their systems and get their data back, because if you want to regain access to your files you have to make a payment; otherwise your data will be permanently deleted.
Which countries have been affected?
According to some blogs, almost 80,000 computers worldwide have been affected by this cyber-attack.
Researchers say that it spreads through emails, resulting in 5 million emails per hour, and that the virus infection is affecting other countries as well: Germany, France, Russia, Australia, Mexico and Italy.
A friend of mine told me to try these passwords: “infected” or “[email protected]”.
Whoops. Got a photo from a colleague – Chemnitz Hauptbahnhof apparently has a Cryptolocker problem. pic.twitter.com/IH5B5dyKvM
— Nick Lange (@Nick_Lange_) May 12, 2017
How was it stopped?
A security specialist going by the online handle @MalwareTechBlog told AFP that the ransomware was spreading because it was linked to an unregistered domain. The specialist therefore said the spread could be halted by registering the domain and updating systems quickly.
According to The Guardian, @MalwareTechBlog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software. The switch was hardcoded into the malware in case the creator wanted to stop it spreading. It involved a long nonsensical domain name that the malware makes a request to, just as if it were looking up any website, and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.
“I saw it wasn’t registered and thought, ‘I think I’ll have that.’” The purchase cost him $10.69. Instantly, the domain name was consistently registering a great many connections. “They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.”
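Because the malware looks up the kill-switch domain before it spreads, those lookups also show defenders which machines ran it. The sketch below is an added example, not code from the original article: it scans a resolver log for such lookups and ranks hosts whose lookup ever failed first. The log format, the `.example` domain (a placeholder, since the article does not name the real one) and the function names are assumptions.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the real domain; substitute it here.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log (hypothetical format, not real telemetry).
SAMPLE_LOG = """\
2017-05-13T09:14:02Z client=10.0.4.17 query=killswitch-placeholder.example. rcode=NXDOMAIN
2017-05-13T09:14:05Z client=10.0.4.22 query=update.example.org rcode=NOERROR
2017-05-13T09:15:40Z client=10.0.4.31 query=KILLSWITCH-PLACEHOLDER.example rcode=NOERROR
2017-05-13T09:16:11Z client=10.0.4.17 query=killswitch-placeholder.example rcode=NOERROR
2017-05-13T09:17:30Z client=10.0.4.40 query=notkillswitch-placeholder.example rcode=NOERROR
malformed line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+rcode=(?P<rcode>\S+)$"
)

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client: {first_seen, lookups, ever_failed}} for hosts that queried the domain."""
    target = normalize(domain)
    hosts = defaultdict(lambda: {"first_seen": None, "lookups": 0, "ever_failed": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or normalize(m["query"]) != target:
            continue  # skip unparseable lines and unrelated names (exact match only)
        h = hosts[m["client"]]
        h["first_seen"] = h["first_seen"] or m["ts"]
        h["lookups"] += 1
        # A failed lookup means the domain could not appear live to that host,
        # so the malware there would have carried on spreading.
        h["ever_failed"] |= m["rcode"].upper() != "NOERROR"
    return dict(hosts)

def triage(hosts):
    """Hosts whose lookup ever failed come first: isolate those before the rest."""
    return sorted(hosts, key=lambda c: (not hosts[c]["ever_failed"], hosts[c]["first_seen"]))

if __name__ == "__main__":
    found = find_kill_switch_lookups(SAMPLE_LOG)
    for client in triage(found):
        print(client, found[client])
```

Every host in the result has looked up the domain and should be treated as infected; the ordering only decides which ones to isolate first.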
Microsoft’s take on the situation
A Microsoft spokesperson said that those who had enabled updates and had the company’s free antivirus software installed were not affected. Also, the company released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt.
Microsoft has made the patch for MS17-010 available for XP and 2k3. Patch over the weekend. It’s worth the overtime. https://t.co/XqXjprWtC1
— Jake Williams (@MalwareJake) May 13, 2017
How to protect yourself from this?
Security experts advise installing the Microsoft fix, MS17-010, right away. After installing it, make sure to reboot the system.
If NSA builds a weapon to attack Windows XP—which Microsoft refuses to patch—and it falls into enemy hands, should NSA write a patch? https://t.co/TUTtmc2aU9
— Edward Snowden (@Snowden) May 12, 2017
The patch that closes the backdoor used by WannaCry to penetrate the system was released by Microsoft on March 14 – apparently shortly after the NSA became aware that its exploit had been stolen, and roughly a month before the Shadow Brokers hacking group exposed it to the world.
In general, patching your system and installing regular Microsoft updates should secure an average PC user from unwanted vulnerabilities.
As with many other ransomware strains, the virus can penetrate the system not only through a Windows vulnerability, but also through a “spray-‘n’-pray” phishing attack, which involves spamming users with emails that carry a malicious attachment. The attackers can also lure a victim into clicking on a URL where malware will be ready to crawl into the victim’s machine.
Because ransomware targets everyday Internet users, businesses and public service providers, any individual or organization that needs continuous access to its systems should be especially careful about which sites it visits and which attachments it opens.
It is highly advised, in order to protect yourself from being held hostage to data thieves, to create secure backups of important data on a regular basis. Simply backing up is not enough though, as physically disconnecting the storage device is required to avoid it being infected with ransomware as well. Cloud storage is another option to use, but it makes your data vulnerable to all other kinds of attacks.
#3 Don’t pay ransom!
This one is quite simple – there’s no guarantee that victims will get their data back even if they cough up the cash cyber crooks demand from them. Plus there is no guarantee that the attackers won’t strike you again or demand more.
#4 Install antivirus (at least a trial version)!
Make use of your antivirus software’s ransomware removal tool, which should scan for and wipe out any ransomware attempts found on your computer.