A new, virulent ransomware strain known as WannaCry (also known as Wanacrypt and Wannacrypt) launched onto the world stage on Friday, May 12, 2017, in one of the largest worldwide cyberattacks in history. The WannaCry ransomware cryptoworm encrypted the data on victim computers and demanded that the user pay a ransom in Bitcoin cryptocurrency to regain access to their files on the system. Within hours, hundreds of thousands of computers running Windows operating systems across many countries were hit.
How is WannaCry different from other ransomware?
WannaCry poses a far greater threat than other common ransomware types because of its ability to spread across an organization’s network by exploiting critical vulnerabilities in Windows computers, which Microsoft patched in March 2017 (MS17-010). The exploit, “Eternal Blue,” was released online in April in the latest of a series of leaks by a group known as the Shadow Brokers. The Los Angeles Times reported in May that Microsoft was critical of the U.S. National Security Agency (NSA) for its alleged role in weaponizing the Windows weakness many years ago and allowing its theft by hackers for use in launching the attack. While Microsoft quietly patched Windows against the attack in March, many large organizations using Windows systems had not updated and remained unprotected.
How can users protect themselves against WannaCry?
Users who have not done so already should install the March, April or May Windows Update bundles immediately. Microsoft has even released patches for Windows XP and its server counterpart Windows 2003. Users unable to install the patch for any reason can disable Server Message Block 1 (SMB1), the network file sharing protocol in which the weakness the ransomware exploits is located. Users can also close firewall ports 139 or 445 or both, as they are the ports SMB uses.
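The SMB1 and firewall steps above, written as a PowerShell script for a single Windows host. This is an added example, not part of the original article; the firewall rule name is made up, and the script assumes an elevated prompt.

```powershell
# Added example: check whether the SMB1 server is enabled, disable it, block inbound SMB.
# Assumption: elevated session. Cmdlet path needs Windows 8 / Server 2012 or later;
# older systems (Windows 7, Server 2008 R2) fall back to the LanmanServer registry value.
$ErrorActionPreference = 'Stop'
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Registry fallback: a missing SMB1 value means SMB1 is on by default.
    $v = Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $v) -or ($v.SMB1 -ne 0)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
        Write-Warning 'Registry change takes effect after a reboot.'
    }
}

function Block-SmbInbound {
    # Firewall cmdlets exist on Windows 8 / Server 2012 and later only.
    if (-not (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue)) {
        Write-Warning 'NetSecurity module missing; block TCP 139 and 445 in the firewall manually.'
        return
    }
    $name = 'Example - Block inbound SMB (TCP 139,445)'   # constructed rule name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort 139,445 -Action Block | Out-Null
    }
}

if (Get-Smb1ServerState) {
    Write-Output 'SMB1 server is enabled; disabling it.'
    Disable-Smb1Server
} else {
    Write-Output 'SMB1 server is already disabled.'
}
Block-SmbInbound
Write-Output ("SMB1 enabled after change: {0}" -f (Get-Smb1ServerState))
```

Blocking inbound 139 and 445 stops the host from serving file shares at all, so on a machine that must share files, leave out the `Block-SmbInbound` call and rely on the patch and on disabling SMB1.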
What can users infected with WannaCry do?
Aside from paying the ransom to the hackers, there are some guides and tools available online that are alleged to help a victim of WannaCry get their files back. Use caution when considering such paid tools and removal programs, as they could be fake. Only consider tools from well-known security firms such as Norton, Sophos, Avira, Malwarebytes, etc. Recent reports of the poor coding of the WannaCry ransomware do offer some hope for victims hoping to have their files returned.