WannaCry is one of the most severe malware attacks so far this year and has spread like wildfire.
As the name suggests, the malware infects a system and demands that the victim pay a ransom in order to regain access to the files on the system.
A ransomware such as WannaCry is a serious piece of malware which encrypts files on the target machine with strong encryption algorithms and demands a ransom to decrypt them. It is operated through a CnC (Command and Control) centre from remote locations.
WannaCry demands a ransom of $300 in bitcoin from the victim. If the user doesn't pay the ransom within 72 hours, the amount is said to double to $600. If the user doesn't pay after seven days, WannaCry will delete all of the encrypted files and all data will be lost.
WannaCry covers all important file types; the file types targeted by the WannaCry ransomware are:
.123
.3dm
.3ds
.3g2
.3gp
.602
.7z
.ARC
.PAQ
.accdb
.aes
.ai
.asc
.asf
.asm
.asp
.avi
.backup
.bak
.bat
.bmp
.brd
.bz2
.cgm
.class
.cmd
.cpp
.crt
.cs
.csr
.csv
.db
.dbf
.dch
.der
.dif
.dip
.djvu
.doc
.docb
.docm
.docx
.dot
.dotm
.dotx
.dwg
.edb
.eml
.fla
.flv
.frm
.gif
.gpg
.gz
.hwp
.ibd
.iso
.jar
.java
.jpeg
.jpg
.js
.jsp
.key
.lay
.lay6
.ldf
.m3u
.m4u
.max
.mdb
.mdf
.mid
.mkv
.mml
.mov
.mp3
.mp4
.mpeg
.mpg
.msg
.myd
.myi
.nef
.odb
.odg
.odp
.ods
.odt
.onetoc2
.ost
.otg
.otp
.ots
.ott
.p12
.pas
.pdf
.pem
.pfx
.php
.pl
.png
.pot
.potm
.potx
.ppam
.pps
.ppsm
.ppsx
.ppt
.pptm
.pptx
.ps1
.psd
.pst
.rar
.raw
.rb
.rtf
.sch
.sh
.sldm
.sldx
.slk
.sln
.snt
.sql
.sqlite3
.sqlitedb
.stc
.std
.sti
.stw
.suo
.svg
.swf
.sxc
.sxd
.sxi
.sxm
.sxw
.tar
.tbk
.tgz
.tif
.tiff
.txt
.uop
.uot
.vb
.vbs
.vcd
.vdi
.vmdk
.vmx
.vob
.vsd
.vsdx
.wav
.wb2
.wk1
.wks
.wma
.wmv
.xlc
.xlm
.xls
.xlsb
.xlsm
.xlsx
.xlt
.xltm
.xltx
.xlw
.zip
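A practical use of the list above is to find out how much of a machine's data would be hit and make sure the backup plan covers it. The following PowerShell script is an added example and not part of the original post: it embeds the extension list exactly as given above, walks a directory tree, and summarises the matching files per extension. The root path C:\Users, the function name Get-AtRiskFileSummary and the output format are assumptions chosen for illustration.

```powershell
# Added example (not from the original post): inventory files whose extensions are
# on the WannaCry target list, so a backup can be checked for coverage.
# Assumptions: the root path and the function/variable names are illustrative.

$ExtensionText = @'
.123 .3dm .3ds .3g2 .3gp .602 .7z .ARC .PAQ .accdb .aes .ai
.asc .asf .asm .asp .avi .backup .bak .bat .bmp .brd .bz2 .cgm
.class .cmd .cpp .crt .cs .csr .csv .db .dbf .dch .der .dif
.dip .djvu .doc .docb .docm .docx .dot .dotm .dotx .dwg .edb .eml
.fla .flv .frm .gif .gpg .gz .hwp .ibd .iso .jar .java .jpeg
.jpg .js .jsp .key .lay .lay6 .ldf .m3u .m4u .max .mdb .mdf
.mid .mkv .mml .mov .mp3 .mp4 .mpeg .mpg .msg .myd .myi .nef
.odb .odg .odp .ods .odt .onetoc2 .ost .otg .otp .ots .ott .p12
.pas .pdf .pem .pfx .php .pl .png .pot .potm .potx .ppam .pps
.ppsm .ppsx .ppt .pptm .pptx .ps1 .psd .pst .rar .raw .rb .rtf
.sch .sh .sldm .sldx .slk .sln .snt .sql .sqlite3 .sqlitedb .stc .std
.sti .stw .suo .svg .swf .sxc .sxd .sxi .sxm .sxw .tar .tbk
.tgz .tif .tiff .txt .uop .uot .vb .vbs .vcd .vdi .vmdk .vmx
.vob .vsd .vsdx .wav .wb2 .wk1 .wks .wma .wmv .xlc .xlm .xls
.xlsb .xlsm .xlsx .xlt .xltm .xltx .xlw .zip
'@
# Split the here-string on whitespace and drop any empty entries.
$WannaCryTargetExtensions = $ExtensionText -split '\s+' | Where-Object { $_ }

function Get-AtRiskFileSummary {
    param(
        [Parameter(Mandatory)] [string]   $Root,
        [string[]] $Extensions = $WannaCryTargetExtensions
    )
    # Case-insensitive lookup: NTFS is case-insensitive and the list mixes ".ARC" with ".arc"-style names.
    $lookup = [System.Collections.Generic.HashSet[string]]::new(
        [string[]] $Extensions, [System.StringComparer]::OrdinalIgnoreCase)

    Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $lookup.Contains($_.Extension) } |
        Group-Object -Property Extension |
        ForEach-Object {
            [pscustomobject]@{
                Extension = $_.Name
                Files     = $_.Count
                SizeMB    = [math]::Round(($_.Group | Measure-Object -Property Length -Sum).Sum / 1MB, 2)
            }
        } |
        Sort-Object -Property SizeMB -Descending
}

# Usage (the root path is an assumption; pick the profile or share you back up):
Get-AtRiskFileSummary -Root 'C:\Users' | Format-Table -AutoSize
```

Run it against the paths the backup job actually covers; any extension that shows up here but is excluded from the backup set is data that cannot be recovered without paying, which is exactly the gap the post's "backup regularly" advice is meant to close.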
OSes affected:
Windows 8
Windows XP
Windows Server 2003
Linux, macOS, ChromeOS and mobile operating systems like iOS and Android are safe from WannaCry.
Where did WannaCry come from all of a sudden?
The WannaCry ransomware (12th May 2017) uses the EternalBlue exploit, generally believed to have been developed by the National Security Agency (NSA) of the USA. The exploit was leaked by the Shadow Brokers hacker group on 14th April 2017.
Protecting against WannaCry:
Update the operating system immediately; for Windows users an important security update was released on Friday 12th May 2017.
Fix:
What can I do if my computer is infected with WannaCry?
There is no fix for WannaCry available now. The only way out is if you have backup copies of the files that were encrypted by the ransomware.
For future safety:
Install Cybereason Ransomfree and Malwarebytes Anti-Ransomware (currently in beta)
In the meantime, block port 445.
Back up regularly.
Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close the e-mail and go to the organization's website directly through the browser.
Disable macros in Microsoft Office products.
Install and update antivirus software.
Follow safe practices when browsing the web.
Turn on the firewall.
Block binaries running from the %AppData%, %ProgramData% and %Temp% paths; ransomware samples generally drop and execute from these locations.
Keep browsers and browser plugins up-to-date.
Remove unwanted software.
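The "block port 445" item above can be done with the built-in Windows Firewall. The PowerShell below is an added example, not from the original post or any vendor: it creates block rules for TCP 445 in both directions (inbound stops the host being reached over SMB, outbound stops an already infected host from reaching other machines), checks that an enabled block rule is in place, and shows whether anything is still listening on 445. Assumptions: the rule display names and function names are mine; the NetSecurity cmdlets used here ship with Windows 8 / Server 2012 and later, so on Windows XP or Server 2003 the same rule has to be set through the firewall control panel instead; run from an elevated prompt.

```powershell
# Added example (not from the original post): block TCP 445 with Windows Firewall and verify.
# Assumptions: rule names are illustrative; requires the NetSecurity module (Windows 8+).

function Block-Port445 {
    param(
        [ValidateSet('Inbound', 'Outbound')]
        [string[]] $Direction = @('Inbound', 'Outbound')
    )
    foreach ($dir in $Direction) {
        $name = "Block $dir TCP 445 (WannaCry mitigation)"   # assumed rule name
        # Idempotent: do not create a second copy if the rule already exists.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            Write-Verbose "Rule '$name' already exists; skipping."
            continue
        }
        # Inbound traffic is matched on the local port, outbound on the remote port.
        $portArgs = if ($dir -eq 'Inbound') { @{ LocalPort = 445 } } else { @{ RemotePort = 445 } }
        New-NetFirewallRule -DisplayName $name -Direction $dir -Protocol TCP `
            -Action Block -Profile Any -Enabled True @portArgs | Out-Null
    }
}

function Test-Port445Blocked {
    # Returns $true when an enabled Block rule covering TCP 445 exists in the given direction,
    # regardless of who created it (group policy, a product, or Block-Port445 above).
    param([ValidateSet('Inbound', 'Outbound')] [string] $Direction = 'Inbound')
    $portName = if ($Direction -eq 'Inbound') { 'LocalPort' } else { 'RemotePort' }
    $rules = Get-NetFirewallRule -Direction $Direction -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and
            ($filter.$portName -contains '445' -or $filter.$portName -eq 'Any')) {
            return $true
        }
    }
    return $false
}

function Get-SmbListener {
    # Shows what is listening on TCP 445 (normally the Server service); empty output means nothing is.
    Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

# Usage:
Block-Port445 -Verbose
'Inbound', 'Outbound' | ForEach-Object { '{0}: blocked={1}' -f $_, (Test-Port445Blocked -Direction $_) }
Get-SmbListener
```

Apply this only on machines that do not need to serve or reach Windows file shares; on a file server or domain controller an inbound block on 445 will break file sharing, and there the right move is to get the 12th May update installed rather than to firewall the service off.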
1 Comments
Nice detailed info da