No doubt you’ve heard about the ransomware attack known as WannaCry that hit computers across the world over the weekend. But what was it, where did it come from, how was it stopped and how can you protect yourself, your company and your information?
What is WannaCry?
WannaCry/Wcry/WannaCrypt is a nasty piece of ransomware that exploits a flaw in Windows operating systems. All Windows operating systems could be infiltrated, except those that have a security patch from March 2018. The ransomware encrypts your data and files using 2048-bit encryption and forces the user to pay using Bitcoin (starting at $300 and going up over time).
The ransomware comes from an exploit offered up in the NSA leak from about a month ago and was referred to as “ETERNALBLUE”. The virus spreads via the Server Message Block (SMB) protocol on Windows computers and moves on to any computer on the network.
How was it stopped?
The ransomware was stopped by an “accidental hero” who found a kill switch hidden in the code. The unknown researcher, who goes by the name MalwareTech, works for Kryptos Logic. MalwareTech found a domain name in the code that wasn’t registered and decided to register it to see what happened.
Once the domain name, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com (random gibberish made by keyboard mashing), was registered, it received thousands of hits from across the globe. The malware would exit if it could communicate with the domain name, so creating it seemed to do the trick.
Now, this was a somewhat easy, but accidentally found, solution to what could have been an even larger problem.
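Because the malware tries to reach that domain before doing anything else, a machine on your network that looks it up is worth checking. The sketch below is an added example, not code from the original article: it scans DNS query logs for lookups of the kill-switch domain and groups them by client. The log format and the sample lines are constructed for illustration.

```python
# Kill-switch domain as given in the article above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample log. Assumed format (hypothetical, adapt to your resolver):
#   <ISO-8601 UTC timestamp> <client IP> <query name> <record type>
SAMPLE_LOG = """\
2017-05-13T08:01:12Z 10.0.4.17 www.example.org. A
2017-05-13T08:01:15Z 10.0.4.23 WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. A
2017-05-13T08:02:40Z 10.0.4.23 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com A
2017-05-13T08:03:02Z 10.0.7.88 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.lookalike.example A
malformed line
2017-05-13T09:15:44Z 10.0.9.5 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com AAAA
"""

def is_kill_switch(qname):
    """True for the domain itself or any subdomain; case and trailing dot are ignored."""
    name = qname.rstrip(".").lower()
    return name == KILL_SWITCH or name.endswith("." + KILL_SWITCH)

def hosts_querying_kill_switch(log_text):
    """Return {client_ip: {"count", "first_seen", "last_seen"}} for matching lookups."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname, _rtype = fields
        if not is_kill_switch(qname):
            continue
        entry = hits.setdefault(client, {"count": 0, "first_seen": ts, "last_seen": ts})
        entry["count"] += 1
        # Same-format ISO-8601 UTC timestamps sort correctly as plain strings.
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
    return hits

if __name__ == "__main__":
    for ip, info in sorted(hosts_querying_kill_switch(SAMPLE_LOG).items()):
        print(f"{ip}: {info['count']} lookups, {info['first_seen']} to {info['last_seen']}")
```

A match means the machine should be inspected and patched, not that it is definitely infected; someone may simply have typed the domain into a browser.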
Protect yourself
To stop this exploit from harming your system, Microsoft has released a patch for Windows 10 PCs. If you’ve been keeping your computer up to date, you won’t need a further update. If you haven’t, update right now. And always keep your computer up to date so that a known flaw like this one can’t be used against you.
Users of older Windows machines, like XP, have had a patch created for them. Not everyone wants to, or can, upgrade to Windows 10. If you can’t update now for whatever reason, go to settings and find Windows features. Turn off SMB 1.0/CIFS File Sharing Support.
Whatever files and data you have on your computer, whether they’re on an external or internal drive, back them up on a drive that’s not connected to your system. Your information can’t be held for ransom if it’s not on the system.
Source: TroyHunt