Beginning on May twelfth, a gigantic ransomware cyberattack named WannaCry spread over the web, scrambling the information records of victims in more than 150 nations. The coercion malware has hit a huge number of people and gigantic foundations the world over like FedEx or Britain’s National Health Services, Spain’s Telefonica, France’s Renault autos, and even India’s state police.
Ransomware is a type of malicious code designed to lock a computer system or other type of devices. In addition, it can encrypt data files on hard drives and other storage devices. Then, cybercriminals demand money in exchange to unlock devices or decrypt the data. (source: Tumblr.com)
Encoded PCs show recover notes for $300 worth of bitcoin, with no certification of opening the documents.
How does WannaCry ransomware spread?
WannaCry ransomware’s inconceivable speed overwhelmed the world, spreading to a huge number of contaminated PCs in only a couple of hours. That speed and scope is to a great extent because of some reason:
To start with, not at all like your typical ransomware which spreads by means of contaminated email connections or sites, WannaCry likewise consolidates components of a worm. PC worms don’t spread by tainting documents, as infections, yet rather spread by means of systems, looking for vulnerabilities in other associated PCs. So once it contaminated one PC in a system, it could move to taint them all.
Second, WannaCry’s worm uses an exploit allegedly developed by the NSA, and leaked to the public via the hacker organization The Shadow Brokers. The exploit goes after a vulnerability in Windows’ Server Message Block (SMB) protocol used by devices to communicate on a shared network. Specifically, it looked for any PC with the Samba TCP port 445 accessible.
Until it was leaked, this exploit was unknown to the world (a zero-day threat), and Microsoft was only able to release a patch for it in March. But millions have yet to install the patches, and older versions of Windows which Microsoft doesn’t support anymore didn’t receive update prompts at all. Microsoft has since made patches available even for the older systems – if you are running Windows 8 or below, you should install these post-haste.
Now that the genie is out of the bottle, we can expect to see new variants of this ransomware.
Who has been impacted?
The most affected countries, according to our data, are (in order): Russia, Ukraine, Taiwan, India, Brazil, Thailand, Romania, Philippines, Armenia, and Pakistan. More than half of the attempted attacks we recorded were in Russia.
Big institutions were also hit hard, particularly hospitals and other public services. Many of them rely on outdated systems to operate and simply cannot update their systems.
But many individuals had failed to install the security patches released in March. Older versions of Windows no longer supported by Microsoft didn’t even have security patches to install until the weekend of the attack.
Is my computer at risk of WannaCry ransomware?
If you are running a Windows machine, you are potentially vulnerable to this WannaCry ransomware. Here are some of the steps you should take immediately to stay protected:
1. Update your Windows operating system with the latest security patches
Microsoft released Windows security updates for this vulnerability when it was leaked by the Shadow Brokers in March. The flaw is severe enough that they even released security patches for Windows versions it has stopped supporting, like Windows XP and Vista (find them here).
However, millions of users have ignored these updates. Don’t be one of them.
2. If you haven’t already, install an up-to-date antivirus
The NSA’s exploit was quickly repurposed for ill, so relying on Microsoft’s security patches for attacks is not enough. A new variant is likely in the works. A good antivirus program that includes anti-ransomware capabilities is essential in catching the ever-evolving threat of ransomware.
3. Start making backups of your PC
If you’re like most people, you’ve probably heard this advice before and ignored it. But with the low price of external hard drives and the ease of doing backups, there’s no excuse for not having one. Weekly backups are more than enough for most people, and can save you a world of pain in case you do get infected.
4. Stay on the lookout for phishing emails and links
While WannaCry’s worm component helped it spread, it relied on the usual phishing emails and bad links to start with. Make sure you check emails and links before clicking them. Don’t know what to look for? We’ve got a handy test just for that.
Does AVG block WannaCry ransomware?
Yes. All AVG security products detect WannaCry ransomware. Even AVG AntiVirus Free goes beyond detecting normal code signatures, and looks at the actual behavior of the applications installed. So even if doesn’t know what the next variant will look like, it will know to catch it when it sees it spring into action.
I’ve been infected with WannaCry ransomware. What should I do?
If your computer is infected with the WannaCry ransomware, you should brace yourself for the possibility that you may not be able to recover your data. If you are infected, here are a few recommendations:
The same thing that makes encryption such a powerful tool when used to protect information, also makes it such a problem when it is used for ill.
1. Don’t pay the ransom
Whatever happens, we don’t recommend that you pay the ransom. We know that doesn’t sound very sensitive when your personal photos or important work files are at stake. But there’s no guarantee your files will be decrypted, or that the perpetrators won’t just run away with the money.
Paying up only makes these schemes more attractive. And any contact with the attackers gives them more chances to infect you with more malware.
2. Disconnect your computer from the internet
Pull the plug out of your Wifi router, pull the ethernet cables out of your computer. Isolate it from the web as soon as possible. Stop the malware from spreading to others, or from receiving more instructionsfrom whoever made it.
3. Restore from a backup
If you’ve been following best practices and have a backup on an external hard drive, you can use it to recover you data. Make sure that you do a complete wipe of your system and reinstall Windows completely before connecting your backup to your computer. Ideally, don’t even let it connect to the internet while your backup hard drive is connected, just in case.
4. Restore from Dropbox, Google Drive, or other cloud-based storage
If you’ve been backing up files via an online storage, it’s possible your local files were encrypted, and then synced to the clouds. So the first thing is to unsync your smartphone, tablet or any other cloud-connected device as soon as you can.
Then, access the service via a browser on an uninfected computer. You should be able to access the version history of your files, and restore them to earlier, unencrypted states.
5. Use a ransomware decryption tool
We’re hard at work on a decryption tool that might be able to recover your files. When it is ready, you’ll be able to find it here.