Ransomware WannaCry shook the world?

Figure: Ransomware WannaCry attack track

On the morning of 15th May 2017, I came to know about the “WannaCry ransomware 2k17” and I was shocked to see the news. One of my friends asked me about it, and I started studying this malware: “ransomware WannaCry”.

Before getting to the why, where, and how of this, we need to know the “what”.

So what is ransomware?

In simple words, it is malicious software designed to block access to a computer system or its files until a sum of money is paid to the creator.

What is WannaCry ransomware?

This is malware that took advantage of a Microsoft Windows vulnerability: it takes control of your computer, encrypts the files, even changes their extensions, and demands money from you. It keeps the files encrypted until you pay. It is like a trojan type of virus, which stays in the system and waits for an event to trigger it.

Figure: Ransomware WannaCry screenshot

How does WannaCry ransomware work?

We all know the phrase “No system is perfect and no system is fully secured”: every system has some loophole or some type of vulnerability. Ransomware takes advantage of this to infect the system. In the WannaCry case, it exploits a Microsoft Windows bug and spread to thousands of machines around the world. The exploit is called EternalBlue, and the cyber world believes that the American National Security Agency has been aware of it.

What is EternalBlue?

It exploits a vulnerability in the MS “Server Message Block” (SMB) protocol that allows remote attackers to execute arbitrary code via crafted packets. The affected systems are MS Vista SP2, MS Server 2008 SP1 and SP2, Windows 7 SP1, Windows 8.1 and Windows Server 2016 too.

Source: https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144

Because updates run to gigabytes, most Windows users turn off auto-update and so do not get the security patches released by Microsoft and other security companies. Windows OSes such as Windows XP, which Microsoft has deprecated, are highly vulnerable to this because these systems did not receive any such patches to make them immune. MS Server 2013 is also deprecated and is still used by most organisations.

Figure: Ransomware WannaCry attack track
Source: https://intel.malwaretech.com/botnet/wcrypt

How do I safeguard my system from WannaCry ransomware?

Whatever operating system you are using, you have to install the updates and patches provided by Microsoft. I especially recommend that Windows XP users do so immediately. You can download these patches, and read about them, from the “Microsoft official link”.

Some tips to make your system safe:

  1. Don't visit unsafe or unreliable sites.
  2. Be aware of fraudulent e-mail messages that use names resembling popular services, such as PayeTM instead of PayTM, or that use popular service names without commas or with excessive characters.
  3. Do not turn off the auto-update option.
  4. Don't click on a link on a web page that is not trustworthy.
  5. Don't access Facebook or messaging apps such as WhatsApp and other apps.
  6. Take backups regularly without fail.
  7. If you get any message from your friend with a link, ask him before opening it.
  8. Update your antivirus regularly.
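
Tip 2 can be partly automated. The following Python code is an added example, not part of the original post: it flags a sender name or mail domain that is a near miss of a known service name (PayeTM for PayTM), including padded or stretched spellings. The service list, function names and sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed list of services the user really deals with (assumption).
KNOWN_SERVICES = ["paytm", "microsoft", "facebook"]

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # swap ca for cb
        prev = cur
    return prev[-1]

def squeeze(s):
    """Collapse runs of a repeated character ("paaaytm" -> "paytm")."""
    return re.sub(r"(.)\1+", r"\1", s)

def lookalike_of(word):
    """Return the known service that `word` imitates, or None."""
    raw = word.lower()
    token = re.sub(r"[^a-z0-9]", "", raw)   # strip dashes, dots, other padding
    if not token or raw in KNOWN_SERVICES:  # the exact name is not a lookalike
        return None
    for service in KNOWN_SERVICES:
        limit = 1 if len(service) <= 5 else 2   # short names tolerate fewer edits
        d = min(edit_distance(token, service),
                edit_distance(squeeze(token), squeeze(service)))
        if d <= limit:
            return service
    return None

def suspicious_sender(from_header):
    """Check the display name and domain labels of a From: header.

    Returns (word, imitated_service) for the first lookalike, else None.
    """
    display, addr = parseaddr(from_header)
    for word in display.split() + addr.rpartition("@")[2].split("."):
        hit = lookalike_of(word)
        if hit:
            return word, hit
    return None

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for h in ["PayeTM Support <care@payetm.example>", "Paytm <no-reply@paytm.example>"]:
        print(h, "->", suspicious_sender(h))
```

A correctly spelled name passes this check, so it does not prove the sender is genuine; it only catches the misspelling trick described in tip 2.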

What about India and the WannaCry attack?

India is leading in the cashless and online payment ecosystem. To protect this ecosystem, the IT minister suggested that RBI (Reserve Bank of India), NPCI (National Payment Corporation of India) and UIDAI (Unique Identification Authority of India, Aadhaar card) protect their systems from this malware. Also, the Ministry of Electronics and Information Technology instructed the cyber security unit called CERT-In to investigate the WannaCry ransomware. The government also suggested that the Department of Telecom alert internet service providers to secure their systems.

The ministry also requested Microsoft India to inform all its customers and partners about this attack and the remedial action for it.

What makes this attack so powerful?

We know that lack of information is a reason for all attacks of this type. To weaken them, we need to share useful information with people as much as possible, so that they can download the patches and install them to make their systems immune to this attack. Share it and save the world from this crisis.