Recently a major ransomware attack called “ WannaCry “ that has hit services in many parts of the country. It is said to be the biggest ransomware attack the world has ever seen.
Around 45,000 computers have been hit by this WannaCrypt ransomware across 74 countries.
If you’re on this page from a Search Engine, then you probably already know what ransomware is, and are just confused a bit about it. Or if you’re here directly from Social Media then there’s a possibility that you don’t know what ransomware is, well, in any case, let me take the liberty of explaining what it is in brief to you.
What is ransomware?
The word Ransomware is a combination of ransom+ware. Ransom is a sum of money demanded by a kidnapper against the release of the kidnapped person. And Ware means soft.
Ransomware is a Malware that encrypts all your computer files and software and demands money to return the kidnapped file.
Kidnap & Ransom is this for real?
Yes, basically this just works exactly like kidnapping in real life but here they capture your all files and data.
The virus will entirely lock down your computer, and you cannot access any of the files or software in the computer. It is coded in a way that it attacks the computer and takes control over it.
The virus that gets into your computer and your network it encrypts all the data. Usually, it enters the server on the target computer where it enters the network.
If you keep any of your important office files inside your computer and don’t have any backups and you face a ransomware attack before the important meeting. Then it will be a nightmare for you.
It basically holds your files and demands money. If you pay a ransom and then the hackers will give you a decrypt key. The decrypt key allows you to decrypt the data and get your data back.
That’s was scary right?.
Hence it’s appropriately named as Ransomware, they basically kidnap everything important to me on my computer and I got to pay for it.
As per the news latest attack WanaCrypt0r 2.0 bug, for instance, wants $300 to be paid in Bitcoins to unlock the affected computers.
Is Paying Ransom is a Solution?
Seriously it’s not the solution.
First of all, if you’re paying money, then this could be sensed as an opportunity to continue extorting money.
Paying the ransom is no guarantee for getting the files back and what if they open up new attacks?.
Hence, paying for ransom is not all a clever act.
How does it spread?
It’s classified as a worm which means it doesn’t need to be installed on a computer to take that computer over.
This means if you get an email normally with an attachment and when you open that attachment. Then you run the file that infects the computer well the way a worm works.
The worm searches the network it’s constantly scanning and scanning and scanning until it finds a new one from the infected computer.
Then once it finds it remotely executes itself on that computer using that exploit. Now that computer is becoming infected and encrypting files without the user’s knowledge.
It’s also scanning the network looking for another target and another target. Remember the internet is just one big land and it’s one big local area network where everybody’s connected.
Prevention is better than cure
Let’s see how to protect yourself from Ransomware.
So unless you have a really good firewall preventing any external connections from anything chances are you could be vulnerable to this.
It just takes the right computer with the right virus scan and your IP address.
The first thing I want you to do is to open up Windows Update and force install every update that’s available. Select them all and install them.
Why should we update?
Because Microsoft immediately came back and corrected the exploits by releasing Windows updates that should patch all the boxes. Windows 7, 8, 8.1 and 10 should be all patched up.
This will help you from getting way from WanaCry ransomware attack.
What should you do to prevent this from happening in feature?
• You should have a good antivirus and good anti-spam that’s filtering your email.
• Make sure your systems are backed up properly not just simple data backup. There need to be some special ways to do the backup so that the virus does not encrypt the backup.
• If you do get hit with it immediately shut down the computer that gets it with it hopefully you can catch it before it migrates to the server.
• Think before clicking an attachment / unknown link in the email.
How to pervert yourself if you are under Ransomware attack?
Immediately disconnect from the internet to ensure there is no further infection of data. As the ransomware will be unable to reach the command and control servers.
Set BIOS clock back in case the ransomware has a time limit associated with it as with WannaCry.
Can we able to recover the files & data?
There is almost no way to get it back. Your data is gone and you cannot recover it.
If you search for recovery and virus removal tool from the searching engine and you can get 1000 of tools. But 99% of those links are probably just going to infect you with yet another virus.
You should note that this virus is designed to send the key to the attackers and then delete all the evidence including itself.
In the end, again I’m telling you to please back up your data and important the backup to the cloud backing up. Else back it up to an external hard drive and disconnect the hard drive. Don’t leave the hard drive connected to the computer, then there is no use in backed it up.
Spread the word by share with your friends/colleagues and don’t let them become the victim of ransomware.
Follow @Logixsnag
Nice write up brother. Got some knowledge about ransomeware