The WannaCry ransomware 1.0 was first detected in May 2017 and targeted computers running the Microsoft Windows operating system. It paralyses affected computers by encrypting their data and demands ransom payments in Bitcoin. As many as 230,000 computers were reported to have been infected in over 150 countries. Recently, WannaCry 2.0 has resurfaced, and a handful of computers have been affected by it.

A puzzling aspect of this ransomware is that it has no definitive name. Security researchers and reporters call it by different names. For example, the internal name given by the developer is WanaCrypt0r, the lock screen displayed by the ransomware is titled Wana Decryptor 2.0, Microsoft calls it WannaCrypt in its articles, and most of the media call it WannaCry.

Infection Heat Map

How WannaCry ransomware works

The WannaCry ransomware spreads through email and computer networks. It is designed to encrypt your files so that you are unable to open them, and then to demand a ransom in bitcoins for the decryption key. When encrypting a victim’s files, the ransomware appends the .WCRY and .WNCRY extensions to encrypted files. WannaCry also creates a ransom note named @Please_Read_Me@.txt and an executable named @WanaDecryptor@.exe that launches the decryptor.

In short, it holds affected computers hostage and demands that the victim pay a ransom to regain access to the affected computer and its data. We will not go into every technical detail in this article. To read more, check out the article posted by Malwarebytes Labs.
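The file names and extensions described above can be used as host-side indicators when checking a machine or file share. The following Python sweep is an added example, not part of the original article; the function names and the sample tree of empty files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators as named in the article; compared case-insensitively because
# Windows file names are case-insensitive.
ENCRYPTED_EXTS = (".wcry", ".wncry")
DROPPED_FILES = {"@please_read_me@.txt": "ransom_note",
                 "@wanadecryptor@.exe": "decryptor"}


def classify(filename):
    """Return the artifact type for one file name, or None if it matches nothing."""
    name = filename.lower()
    if name in DROPPED_FILES:
        return DROPPED_FILES[name]
    if name.endswith(ENCRYPTED_EXTS):
        return "encrypted_file"
    return None


def scan(root):
    """Walk root; return (list of (kind, path), Counter of kinds)."""
    hits, totals = [], Counter()
    # onerror: skip unreadable directories instead of aborting the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            kind = classify(fname)
            if kind:
                hits.append((kind, os.path.join(dirpath, fname)))
                totals[kind] += 1
    return hits, totals


def demo():
    """Run scan() over a constructed tree of empty files (names only, no malware)."""
    names = ["report.docx", "budget.xlsx.WNCRY", "photo.jpg.wcry",
             "@Please_Read_Me@.txt", "@WanaDecryptor@.exe", "wcry_notes.txt"]
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "Documents")
        os.mkdir(sub)
        for n in names:
            open(os.path.join(sub, n), "w").close()
        return scan(root)[1]


if __name__ == "__main__":
    print(dict(demo()))
```

A directory with many encrypted_file hits alongside a ransom_note hit is a strong sign that the host should be isolated from the network before further triage.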

How to prevent it

A list of vulnerable systems can be found in the Microsoft Security Bulletin. If you are running a Windows-based PC, make doubly sure that your operating system is up to date. In addition, keep your antivirus and Internet security software up to date as well.

Recommended Solutions

Sophos Intercept X – a next-generation endpoint detection and response platform designed to stop ransomware and zero-day exploits, and to provide detailed threat intelligence. To learn more about Sophos Intercept X, including promotions, contact us.


