On May 12, an epidemic infection of a ransomware emerged named as WannaCry ransomware. Experts called it “the largest ransomware infection in the history” that targeted more than 200,000 computers across 150 countries. WannaCry ransomware launched to target millions of Windows system and crippled operations. The infection covered a wide region of Europe which ranged from Britain’s national public health service, the NHS, Telefonica, a telecom company in Spain, car manufacturers, to shipping giant Fedex, to Russian government servers. Also, millions of average computer users fell victims to this cyber attack. However, security experts said that main targets of ransomware appeared to be in Russia, Ukraine and Taiwan but the ransomware includes localized translations in almost 28 languages i.e, from Bulgarian to Vietnamese.
Report On WannaCry Ransomware
Wannacry ransomware, a malicious software which restricts access to data on user’s system until the victim pays ransom who has blocked data. It is found that it is more advanced form of ransomware with the ability to encrypt user’s file. This ransomware campaign spread across the world and hit the hardest with a great impact on government, transport system, banks and power utilities, but leading companies have been seriously affected which include advertsier WPP, pharma giant Merck manufacturing company Saint-Gobain and Russian steel and oils giants Evraz and Roseneft. According to reports, it is advised to all the staffs to turn off and disconnect all Windows system so as to prevent the system from being attacked by the ransomware.
WannaCry Ransomware used to demand ransom in terms of Bitcoins. The technique employed by malware was quite unique and different. Malware scans and spread over TCP port 445 – SMB vulnerability. Further, it is observed that it uses “Doublepulsar”, commonly a backdoor used to run code on systems affected beforehand. EternalBlue and Doublepulsar both exploits are certainly used by WannaCry ransom to spread its infection. It is being said that MS17-010, a patch for newer versions of Windows which may include Windows 7 and Windows 8.1, Windows Server 2008, Windows Server 2012 and Windows Server 2016 inclusive.
Since ransomware is continuously evolving with the passing time and adapting new ways of distribution, its mitigation is really very necessary than ever. The question is how and what measures should be adopted by users to prevent computer systems from getting attacked by WannaCry Ransomware. Therefore, experts explored some major points for the risk mitigation.
Microsoft corporation has introduced a patch, best means to reduce WannaCry risk. Deploying patches on system mitigates the vulnerability exploited by ransomware.
Daily data backup is essential which minimizes the risk of losing crucial data. Daily back-up is an important key to recovery. An effective backup plan is the best way to mitigate against the ransomware attack.
Track Web Traffic and Removable Media Access
It is advised to user that they should not open any suspicious links and spam emails and it is better to thoroughly scan removable media devices. Monitor software installation and do not enable Macros execution.
Install MS17-010 and Emergency Windows
It is very important that all the Windows system should install updates whenever it is available. Actually an excellent way to prevent ransomware infection triggered due to MS17-010 flaws.
Apart from this, Windows emergency security updates are also issued by Microsoft for various operating system which no longer supports to help organizations to protect themselves against vicious ransomware.
Disable and Block SMBv1
If it is not possible to apply patch then disable SMBv1 or alternatively, you can block SMBv1 ports in network devices UDP 137, 138 and TCP 139, 445, recommended by NCSC.