WannaCry ransomware attack: What you should know about it and how to prevent it

By
Victor Tinka
-
WannaCry Ransonware PC
Image Credit: The Verge
Since its discovery last week, the WannaCry ransomware attack has continued to spread like wild fire over the weekend, affecting over 10,000 organizations and 200,000 individuals in more than 150 countries, according to European authorities. Several measures have been taken to slow down the issue, other variations of the same Malware have began to crop up. WannaCry ransomware has the capability to cause data loss and negatively affect work environment productivity. As the word sounds, the computer is held at Ransom until you pay the hackers.

On 12th-5-2017 a cyber-attack was launched using the “WannaCry” ransom ware program designed to specifically target Microsoft based users.  Once your computer has been infected it encrypts all your files making it in accessible, then instructing the owner to make payments via Bit coin for the files to be unlocked. See below

WannaCry_Ransom UI
mage: SecureList / AO Kaspersky Lab
The Uganda National Computer Emergency Response Team, over the weekend released a statement warning the general public and said that “This attack is also made easier due to unpatched computers and lack of effective malware protection.” The following versions of Windows are at risk
a) Microsoft Windows Vista SP2
b) Windows Server 2008 SP2 y R2 SP1
c) Windows 7
d) Windows 8.1
e) Windows RT 8.1
f) Windows Server 2012 y R2
g) Windows 10
h) Windows Server 2016
i) Exchange and the IIS web server
j) Forefront Endpoint Protection, System Center Endpoint Protection, Security Essentials, Defender for Windows 7, 8.1, RT 8.1, 10 and Windows Server 2016.
This is how it is spread;
  1. The attack is being spread mainly through phishing emails

If you receive an email from a friend, workmate, even ex-girlfriend prompting you to click on any link you have to be certain otherwise just ignore or mark as spam.

  1. Un-patched Microsoft systems

You need to update your system now Microsoft has already released a security update for wannacry ransom ware or even turn on the “Automatic update Feature” in your Operating system.

  1. Adverts on websites.

Big fan of those advert pop-ups on your browser? It’s time to think twice I repeat please just let them pass the attackers are using them too to spread the virus.

This has been one of the biggest attacks and Europol Director Rob Wainwright told the BBC that the cyberattack is “unprecedented in its scale,” and he said that it will most likely continue as people return to work this week. Microsoft came out to took the unusual step to issue a patch for Windows XP, the patch will only work if installed, and authorities have been warning businesses to ensure that their systems are updated.

So what can you or your organization do to prevent this attack? Well, the The Uganda National Computer Emergency Response Team recommends you take the following action;
a) Urgently apply the latest Microsoft Security Upate MS17-1010 – this reduces the affected SMB Server vulnerability used in this attack;
b) Aggressively update all firewall and AV signatures;
c) Keep up to date back-ups of all critical data;
d) Test and make a separate copy of the backup. A Copy of backed up data MUST be stored offline;
e) Test and practice data recovery procedures for effectiveness;
f) Ensure that all systems are patched up (especially all Microsoft installations, browsers and all its plugins);
g) Disable the execution of files with extension WNCR;
h) Disable macro scripts in files transmitted via email;
i) Scan all incoming and outgoing emails to detect threats and filter executable files (extensions such as exe and scr) from reaching end users;
j) Isolate communication to ports 137 and 138 UDP and ports 139 and 445 TCP in your organizations’ network;
It is paramount that:
k) Ensure that the principle of ‘Least Privilege Access’ is adhered to for all users;
l) Ensuring effective use of effective anti-virus solutions on all computers as well as rootkit scanners on critical servers (effective anti-virus covers all the five distinct layers of protection: network, file, reputation, behavioral and repair). All e-mails and web downloads should be scanned to reduce exposure;
m) All web traffic should be filtered to block potential threats

The ransomware attack began on Friday afternoon, where it affected England’s National Health Service, prompted automaker Renault to idle factories in France, and many others. IA 22-year-old cybersecurity expert known as MalwareTech slowed the attack by registering a domain name he discovered in the ransomware’s code. He told the BBC that another attack is likely coming soon, one that works around his fix.

Researchers have since discovered two new variations of the ransomware. One has been blocked with another domain name registration, but the other variant has no kill switch, but is only partially working.