WannaCry (aka WannaCrypt, WannaCryptor) is the word that broke the news two weeks back and created a great amount of chaos by affecting thousands of computers across the globe. We covered the attack and prevention measures earlier; if you haven't read it yet, read it here.
What did Wannacry Do?
Though the concept of ransomware has been around for a decade, it has become quite popular in recent times. WannaCry was one such ransomware: it demands money by encrypting your files, and if you do not pay the money it demands, the malware threatens to delete your files. But what makes WannaCry different from other ransomware is that it used an exploit named EternalBlue, developed by the NSA (National Security Agency). Because many people had not updated their systems, even though Microsoft had released a patch in March, hell broke loose.
WannaCry had the ability to spread through the network via a vulnerability in the Windows file sharing service (SMB) on port 445. That made it more threatening than other ransomware. As soon as the attack started spreading, security researchers began analyzing the malware to stop it from spreading further. A British security researcher found that there was a kill switch (read: a power-off button) hardcoded in the malware. He used the kill switch and slowed down the infection rate.
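The worm-like spread described above leaves a recognisable trace in network logs: one host opening SMB connections to many different neighbours on port 445 in a short time. As an added example (not from the original post), the Python script below flags that fan-out pattern over constructed firewall log lines; the log format, hosts and thresholds are assumptions made for the example.

```python
# Added example (not from the post): flag worm-like SMB fan-out (one source hitting many hosts on 445).
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: time src dst dport action).
# 10.0.0.5 sweeps six neighbours on 445 in ten seconds; 10.0.0.9 repeatedly
# uses one file server (normal); 10.0.0.7 is plain web traffic.
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.0.5 10.0.0.20 445 ALLOW
2017-05-12T10:00:02 10.0.0.5 10.0.0.21 445 ALLOW
2017-05-12T10:00:03 10.0.0.5 10.0.0.22 445 DENY
2017-05-12T10:00:05 10.0.0.9 10.0.0.50 445 ALLOW
2017-05-12T10:00:06 10.0.0.5 10.0.0.23 445 ALLOW
2017-05-12T10:00:07 10.0.0.7 10.0.0.60 80 ALLOW
2017-05-12T10:00:08 10.0.0.5 10.0.0.24 445 DENY
2017-05-12T10:00:09 10.0.0.9 10.0.0.50 445 ALLOW
2017-05-12T10:00:10 10.0.0.5 10.0.0.25 445 ALLOW
2017-05-12T10:00:12 10.0.0.9 10.0.0.50 445 ALLOW
"""

def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action

def smb_fanout_alerts(log_text, threshold=5, window_seconds=60):
    """Return {src: distinct_hosts} for every source that reached at least
    `threshold` distinct hosts on port 445 inside any `window_seconds` span.
    DENY lines count too: a blocked probe is still evidence of scanning."""
    per_src = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, dst, dport, _action = parse_line(line)
        if dport == 445:
            per_src[src].append((ts, dst))
    window = timedelta(seconds=window_seconds)
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):  # sliding window over time-sorted events
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            distinct = {dst for _, dst in events[lo:hi + 1]}
            if len(distinct) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts

if __name__ == "__main__":
    for src, n in smb_fanout_alerts(SAMPLE_LOG).items():
        print(f"possible SMB worm activity from {src}: {n} distinct hosts on 445")
```

Tune `threshold` and `window_seconds` to your own network; a backup server that legitimately touches many shares will need an allow-list.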
Soon after that, two researchers provided a decryptor that could decrypt the files encrypted by WannaCry. You can find the decryptor here. The system must not be rebooted for the decryptor to work. So, having spoken about ransomware, let's ask ourselves what the attack has taught us.
Use of Outdated Software
The major issue behind the widespread attack was the use of outdated software. Microsoft ended support for Windows XP and Windows Server 2003 as early as April 2014 and July 2015 respectively. Even so, it was reported that Windows XP and Server 2003 systems were affected the most. As Microsoft had ended support, there was no official patch for these operating systems. This caused many infections across the globe, and after the attack became prominent, Microsoft released an out-of-band patch for Windows XP and Server 2003.
So if you still run Windows XP or Server 2003, WannaCry has taught us to update them immediately.
Irregular Security Patch Updates
Most of us click the ignore/remind-me-later option when prompted about updates. It is always good practice to install security patches as and when they are released. For instance, Microsoft released the patch for the vulnerability exploited by WannaCry in March of this year. Yet many people failed to install it and thus faced the attack. WannaCry has taught us to apply security patches when we are prompted to.
Antivirus Database Updates
Though antivirus products were not able to prevent the attack in the first place, once the attack started spreading, antivirus companies updated their malware databases. The updates contained signatures of the malware that helped prevent the attack in its later stages. So it is always a good habit to keep antivirus databases updated with the latest malware signatures. Owing to the increase in malware on the internet, antivirus companies update their signatures on a daily or weekly basis. It is always recommended to update AV databases regularly.
Cyber Security Awareness
The most important thing WannaCry taught us was cyber security awareness. As soon as the malware broke out on the internet, social media was filled with awareness posts about it and how to prevent the attack, which is a good thing; however, a few posts were complete hoaxes and misleading. To someone without basic knowledge of cyber security, those would have appeared genuine. So it is necessary for every internet user to have at least a basic knowledge of cyber security. What I believe is that WannaCry is just the beginning of many attacks to come on the internet in the future.
Do not Download Attachments from Unknown Sources
One of the most common carriers of malware is email. Whenever you receive a mail with an attachment, look up the sender before downloading it. Do not download attachments from spam emails. Do not trust mails that say you have won a crore or that this is your insurance/bank statement. Even if you trust the source of the attachment, download it and scan it with the antivirus on your system. It is always good to be over-cautious about attachments downloaded from the internet.
Analysis is still ongoing across the globe to identify the source of the WannaCry attack. Nevertheless, the attack has taught us some important lessons and also raises a question: why would a malware author write a malware with a kill switch in it? That means either the author copied the code from somewhere or wrote it so that someone could stop it. A recent blog post from Flashpoint, a security firm, shows that linguistic analysis of the README files traces the authors to Southern China. Also, while you are reading this article, yet another similar attack is in progress against Linux-based systems, based on a similar vulnerability in the Samba file sharing service.
In my personal opinion, a person who thinks he/she is safe is the most vulnerable one. Ransomware is only one kind of cyber attack; there are many such attacks happening that menace a normal internet user's day-to-day activity. Stay tuned for more tech and security posts.