So it's been almost two months since we were all shocked to learn that a ransomware was out there and that all of our data needed to be protected.
Well, here is a sweet report about it that I would like you to read and act on accordingly.
What is involved in this attack? What weaknesses or systems does it affect? What can we do to mitigate and recover from such an attack? These are a few of the questions on our minds, so let's find the answers.
What is a Ransomware?
Ransomware is malicious software which covertly encrypts your files – preventing you from accessing them – then demands payment for their safe recovery. Like most tactics employed in cyberattacks, ransomware attacks can occur after clicking on a phishing link or visiting a compromised website.
However, our friend here, a.k.a. WannaCry, is not just a simple ransomware; it also has the capabilities of a ‘worm’.
Yup, it's true: all it needs is one single host, and what it does next is really fascinating.
Let’s go step by step:
- First, given that a user (who is ignorant) has accepted a friend request pop-up or has clicked some suspicious link, the ransomware will propagate to his/her system.
- Now WannaCry has its own art of finding a perfect target: it checks whether the system is vulnerable and compatible, and if yes, mission accomplished.
- Next, it propagates through your LAN to every other system that can be targeted, and thus reaches out to every machine.
So this is how WannaCry works (in layman’s terms).
Which Systems Are Impacted?
It mostly impacts Windows products. The following is the list:
- Microsoft Windows Vista SP2
- Windows Server 2008 SP2 and R2 SP1
- Windows 7
- Windows 8.1
- Windows Server 2012 and R2
- Windows 10
The “worm” component takes advantage of a Remote Code Execution (RCE) vulnerability that is present in the part of Windows that makes it possible to share files over the network (known as “Server Message Block” or SMB).
Microsoft has released a patch for users: MS17-010.
Is it still there?
This ransomworm can be spread by someone being on public Wi-Fi or an infected firm’s “guest” WiFi and then taking an infected-but-not-fully-encrypted system to another network. WannaCry is likely being spread, still, by both the traditional phishing vector as well as this network worm vector.
What Can You Do?
- Ensure that all systems have been patched against MS17-010 vulnerabilities.
- Ensure critical systems and files have up-to-date backups. Backups are the only full mitigation against data loss due to ransomware.
- Employ network and host-based firewalls to block TCP/445 traffic from untrusted systems. If possible, block 445 inbound to all internet-facing Windows systems.
- End user education is compulsory so that phishing attacks can be mitigated.