How to Protect Yourself from WannaCry Ransomware

What It Is WannaCry And How Does It Work?

The WannaCry ransomware attack is so severe and ubiquitous, it’s even earned its own Wikipedia page. Infecting hundreds of thousands of computers from companies and individual users worldwide, it is unprecedented in scale. Like most ransomware, it functions by encrypting data on the hard drive of the infected machine, making it unusable, and claims it will remove the encryption if you pay $300-$600 in Bitcoin. And it’s been frustratingly successful: as of May 17, the hackers have collected over $72,000.

All devices running virtually any iteration of Windows have proven vulnerable to this breach. The program spreads through the Internet, and quickly to other computers on the same local network — one trait that helped it spread rapidly through whole organizations. The attacks were not limited to PCs however: when the malware spread into multiple hospitals in Scotland and England, various forms of hospital equipment were infected, including MRI machines.

The ransomware works with, among other things, EternalBlue, which is an exploit leaked by The Shadow Brokers. The Shadow Brokers are well known for publishing hacking tools apparently developed by the NSA — including EternalBlue. EternalBlue was developed in response to a discovery of a vulnerability in Windows. The developers discovered a hole in the operating system that allowed attackers to remotely inject code into the victim’s device. In this instance, the injection is WannaCry. This vulnerability exists (or existed) on all Windows devices. Microsoft actually released a security patch two months before the attack was launched, and, surprisingly, one month before The Shadow Broker’s leak.

How to Protect Your Computer from WannaCry

Update Windows. If you’re using Windows 10 you’re probably fine already because Windows 10 updates are surprisingly difficult to disable. The patch was given critical priority by Microsoft, and should have automatically installed on March 14th. We encourage regular software updates, anyway, as it exercises good infosec hygiene. If you’re not using Windows 10 and you didn’t automatically get the update, you can download it here from Microsoft Update Catalog. Click that link, or navigate to the site manually. The update you need is called MS17–010.

WannaCry is a trojan which means, as the name suggests, that it’s disguised as something the end user would want to download and run. Be vigilant, and avoid suspicious links. Do not download email attachments from unknown- or suspicious senders. Some trojans can be delivered by drive-by downloads from malicious websites or ads. Consider using an adblocker if you’re navigating to suspicious or unknown websites. And again, make sure you’re regularly backing up your device, and keeping its software updated.

Original Blog: How to Protect Yourself from WannaCry Ransomware