Everything you need to know about the WannaCry ransomware virus.

Hoax, truth, lie and disaster all came at the same time, and that is what happened on Friday, 12th May, when 230,000 computers in around 150 countries were put on a roller coaster by software demanding ransom payments, in the cryptocurrency bitcoin and in 28 languages, in exchange for the victims’ own data.

WannaCry is far and away the most severe malware attack so far in 2017, and the spread of this troubling ransomware is far from over; it is still spreading at a vast pace. So let’s dig into this sweet little virus.

What is the WannaCry ransomware virus?

It is a computer program designed to take your computer hostage, and it targets the Microsoft Windows operating system. It holds the infected computer hostage and demands that the victim pay a ransom in order to regain access to the files on his or her computer.

How does this virus work?

Before we start working on this virus, we need to understand what EternalBlue and DoublePulsar are.

  1. EternalBlue: It is a piece of software believed to have been developed by the US National Security Agency. In simple words, it is a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behaviour in computer software, hardware, or something electronic. Such software is known as an exploit.
  2. DoublePulsar: It is also an exploit, but a backdoor exploit: it bypasses normal authentication in a computer system. Unfortunately, it was also developed by the National Security Agency. DoublePulsar is often used for securing remote access to a computer, or for obtaining access to plain text in cryptographic systems.

So our virus WannaCry uses both EternalBlue and DoublePulsar to hack your device, spreading over the network (i.e. the internet) to machines that have not installed the latest security updates.

Those still running exposed older, unsupported operating systems such as Windows XP and Windows Server 2003 were initially at particular risk, but Microsoft has now taken the unusual step of releasing updates for these.

So, how exactly does it work?

“Free”: people are crazy about free things. Free money, a free service, or anything at all, if you get it for free.

So it comes as an email attachment, like an invoice, a shipment notice or some tracking document. These look so generic that users are compelled to click on the attachment. Let me show you what those emails look like.

  1. Shipment email
  2. Invoice email (refund notification)
  3. Email based on curiosity

These emails are just samples; you will get these kinds of email. The moment you click on the attachment… voilà, the hackers hit the jackpot.

What exactly does WannaCry do?

Ransomware like WannaCry works by encrypting most or even all of the files on a user’s computer. Then the software demands that a ransom be paid in order to have the files decrypted. In the case of WannaCry specifically, the software demands that the victim pay a ransom of $300 in bitcoin at the time of infection. If the user doesn’t pay the ransom within three days, the amount doubles to $600. After seven days without payment, WannaCry will delete all of the encrypted files and all data will be lost.

Types of files targeted by the WannaCry virus.

According to Symantec, almost all file types are targeted. This is the list of file extensions targeted by the WannaCry virus.

.123, .3dm, .3ds, .3g2, .3gp, .602, .7z, .ARC, .PAQ, .accdb, .aes, .ai, .asc, .asf, .asm, .asp, .avi, .backup, .bak, .bat, .bmp, .brd, .bz2, .cgm, .class, .cmd, .cpp, .crt, .cs, .csr, .csv, .db, .dbf, .dch, .der, .dif, .dip, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .edb, .eml, .fla, .flv, .frm, .gif, .gpg, .gz, .hwp, .ibd, .iso, .jar, .java, .jpeg, .jpg, .js, .jsp, .key, .lay, .lay6, .ldf, .m3u, .m4u, .max, .mdb, .mdf, .mid, .mkv, .mml, .mov, .mp3, .mp4, .mpeg, .mpg, .msg, .myd, .myi, .nef, .odb, .odg, .odp, .ods, .odt, .onetoc2, .ost, .otg, .otp, .ots, .ott, .p12, .pas, .pdf, .pem, .pfx, .php, .pl, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps1, .psd, .pst, .rar, .raw, .rb, .rtf, .sch, .sh, .sldm, .sldx, .slk, .sln, .snt, .sql, .sqlite3, .sqlitedb, .stc, .std, .sti, .stw, .suo, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .vb, .vbs, .vcd, .vdi, .vmdk, .vmx, .vob, .vsd, .vsdx, .wav, .wb2, .wk1, .wks, .wma, .wmv, .xlc, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .zip

As you can see, the ransomware covers nearly every important file type a user might have on his or her computer. It also installs a text file on the user’s desktop with the following ransom note:

Who is responsible for the WannaCry virus outbreak?

Thanks to the NSA (US National Security Agency) for discovering the “EternalBlue” exploit that would later be used by the WannaCry trojan.

Even Microsoft has attacked the US government over developing the ‘EternalBlue’ exploit that led to the hack.

How can you protect your system from this virus?

Regardless of which operating system you run, you should install any and all available security updates immediately. Specifically, Windows users with machines that run Windows XP, Windows 8, or Windows Server 2003 should immediately install the security update released on Friday by Microsoft.

If your system is infected by the WannaCry virus, can you recover your data?

Sadly, no, you can’t. There is no fix for WannaCry available at this time. Antivirus companies and cybersecurity experts are hard at work looking for ways to decrypt files on infected computers, but no means of third-party decryption is available right now.

Hopefully, affected users have backups of their data available, because the only other option right now is to follow the instructions offered in the software and pay the ransom.

How to respond to a WannaCry attack manually?

Disconnect your device from the internet to ensure there is no further infection or exfiltration of data, as the ransomware will then be unable to reach its command and control servers.

Set the BIOS clock back, in case the ransomware has a time limit associated with it, as WannaCry does.

Hoaxes related to this virus:

Once this virus had spread around the world, hoaxes developed around it.

A viral WhatsApp message claiming that a video called “Dance of the Hillary” is a virus which formats the recipient’s mobile phone is actually a hoax.

The message was circulated widely and has even reached Malaysian users, but it has been rubbished by the Reserve Bank of India, which said it was keeping a close watch on the situation involving the WannaCry ransomware attack.

Key Points:

  1. Approximately 250,000 computers are affected around the globe in 150 countries, and the attackers have collected about $50,000 from the victims so far.
  2. The virus was accidentally halted after a domain name was bought, but it was just a temporary halt.
  3. It is the largest cyber attack in history, according to experts.
  4. Microsoft blasted the NSA for ‘stockpiling’ vulnerabilities and said it is like the military having ‘some of its Tomahawk missiles stolen’.
  5. Microsoft has released updates for its older, unsupported operating systems, like XP and Windows 2003, which were the most vulnerable.
