Robosoft Technologies

May 24, 2017


WannaCry ransomware: how to prevent the attempt to swindle

Did you see the movie ‘The Dark Knight’, directed by Christopher Nolan? Like the Joker, the WannaCry hackers are agents of chaos, and in real life at that. What they did to the world with a few lines of code (a worm that infects other systems in your network) was nothing short of a catastrophe.

WannaCry is malicious software that attacks your network and encrypts the data on Windows OS, then blackmails you to pay for your freedom. This cyber attack is targeted at government organizations, hospitals, NGOs, national security agencies, business sectors, universities, telecommunications entities and other such high-impact entities. The attack has crippled day-to-day operations in more than 150 countries.

How did WannaCry Spread?

The Microsoft operating system contained a security glitch that the WannaCry virus exploited. The virus targets TCP port 445 to spread the ‘worm’ and pushes it onto the systems connected to the currently affected system. Microsoft addressed this security glitch in March 2017. But by the time Microsoft released a patch for the vulnerability the WannaCry hackers were targeting, it was too late.
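The spread over TCP port 445 described above leaves a recognizable trace in network flow logs: one host contacting many different peers on that port within a short time. The following is an added example, not part of the original article; the log format, the sample records and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records; format and thresholds are assumptions.
# Each line: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.0.0.5 10.0.0.20 445
1001 10.0.0.7 10.0.0.10 445
1001 10.0.0.5 10.0.0.21 445
1002 10.0.0.5 10.0.0.22 445
1003 10.0.0.5 10.0.0.23 445
1004 10.0.0.5 10.0.0.24 445
1005 10.0.0.9 203.0.113.10 443
1200 10.0.0.7 10.0.0.11 445
"""

SMB_PORT = 445

def parse_flows(text):
    """Yield (timestamp, src, dst, port) from whitespace-separated records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue  # skip malformed lines instead of failing
        yield int(parts[0]), parts[1], parts[2], int(parts[3])

def find_smb_fanout(flows, window=60, max_peers=4):
    """Return {src: peak distinct 445 destinations} for sources exceeding
    max_peers distinct destinations inside any sliding `window` seconds."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            per_src[src].append((ts, dst))
    suspects = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # shrink the window from the left until it spans <= window seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            peak = max(peak, len(peers))
        if peak > max_peers:
            suspects[src] = peak
    return suspects

if __name__ == "__main__":
    for src, peers in find_smb_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src}: {peers} distinct TCP/445 destinations within 60s")
```

A host flagged this way is a candidate for the isolation step the article recommends for affected systems; a file server that many clients connect to is not flagged, because the check counts outbound destinations per source.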

What is it doing to your computer?

Basically, it holds your files, drives and system hostage and demands $300 in Bitcoin as ransom to decrypt the files.

What can you do if your system has been affected?

First, don’t give in to the ransom demand. Second, remove the network cable from your system or turn off the WiFi feature. Get your system checked by an IT expert and take the necessary precautions around it.

How did the attack subside?

The attack subsided thanks to Marcus Hutchins, a 22-year-old British security researcher who found the Achilles heel of this attack. To summarize, this is what he did: he noted down the contact point (a web address or IP address) of the WannaCry virus and tried to resolve it in DNS. Since this IP address was not registered, Marcus bought the domain for around $11. After buying the domain, he iterated on the domain and succeeded in finding the software’s weakness.

This is basically the hackers’ last resort for stopping the worm from spreading to other systems in case the situation gets out of hand. Hackers usually have this ‘kill switch’ as a precautionary measure.

When in doubt, don’t tap or click

Even though this attack targeted users of the Microsoft OS, Microsoft should not be held accountable for the security glitch. However, none of the security experts saw this coming. This is a clickbait era: when in doubt, never click on any suspicious links on your social network platform or while browsing. Doing so might download a piece of software onto your system and bring in this WannaCry ransomware worm or virus.

What’s next?

Even though the spread of this attack has subsided now, it’s not the end. Users of UNIX, Mac OS and mobile are safe for now but might be the next targets.

Now, what can we do to save valuable data and money?

a. Don’t download any content from unfamiliar sites.
b. Ensure your credit card details are securely stored on an e-commerce website that is compliant with the PCI Data Security Standard, or don’t store them at all. Remove the card details if you have not done so already.
c. Update to the latest security patch released by Microsoft.
d. Install and update anti-virus software.
e. Mac users ought to be careful when downloading apps other than those from the App Store. They should also install the security updates released by Apple.
f. Back up your data frequently.

This article was written by Ramachandra N, Technical Architect at Robosoft Technologies.