Ransomware and WannaCry

Ransomware is a “type of malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it”. Because of the complexity of this malware, it is almost always impossible to recover your files without paying the amount of money the attackers demand. The encryption methods are very strong, and the malware will delete all the data if you don’t pay within a certain time frame.

Some of the best-known examples include CryptoLocker, CryptorBit, and more recently, WannaCry. All of these work in a similar fashion, locking files and demanding payment.


In current events, WannaCry has been very prevalent in the news for affecting the National Health Service in the UK. The malware spread from one Windows computer to another through an FTP vulnerability. Microsoft had already patched this, but the operating systems on the affected computers were not up to date.

[Image: Wana Decrypt0r screenshot]

A few hours after this malware went viral, a researcher dug through the code and found that there was a kill switch connected to a domain name. He went ahead and registered it, effectively stopping the malware from being activated.


Although it has temporarily been stopped, the malware continues to exist: new versions with the kill switch removed are being spread very quickly.
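As an added example (not from the original post), here is one way a defender could use the kill-switch lookup as an indicator, by scanning DNS query logs for internal hosts that queried the domain. The domain `killswitch.example`, the CSV log layout, the sample lines and the function names are constructed placeholders, since the post does not name the real domain.

```python
import csv
import io

# Placeholder: the post does not name the kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Constructed sample log: timestamp, client IP, queried name, response code.
SAMPLE_LOG = """\
2017-05-12T09:14:02Z,10.0.4.17,www.example.org,NOERROR
2017-05-12T09:14:05Z,10.0.4.17,KillSwitch.Example.,NXDOMAIN
2017-05-12T09:20:41Z,10.0.7.30,killswitch.example,NXDOMAIN
2017-05-12T15:02:10Z,10.0.9.12,killswitch.example,NOERROR
2017-05-12T15:02:11Z,10.0.9.12,cdn.killswitch.example.net,NOERROR
2017-05-12T15:30:00Z,10.0.4.17,killswitch.example,NOERROR
"""

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def find_kill_switch_clients(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the exact domain to its lookup stats."""
    target = normalize(domain)
    hits = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, client, qname, rcode = (field.strip() for field in row)
        if normalize(qname) != target:
            continue  # exact match only, so look-alike names are ignored
        entry = hits.setdefault(client, {"first_seen": ts, "lookups": 0, "failed": 0})
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["lookups"] += 1
        if rcode.upper() != "NOERROR":
            entry["failed"] += 1  # name did not resolve: kill switch could not fire
    return hits

def triage(hits):
    """Return (hosts with a failed lookup, hosts whose lookups all resolved)."""
    # Assumption from the post: the malware only stops when the domain is live,
    # so any failed lookup means the payload probably ran on that host.
    urgent = sorted(ip for ip, e in hits.items() if e["failed"])
    resolved = sorted(ip for ip, e in hits.items() if not e["failed"])
    return urgent, resolved

if __name__ == "__main__":
    urgent, resolved = triage(find_kill_switch_clients(SAMPLE_LOG))
    print("isolate first:", urgent)
    print("lookups resolved, malware still executed:", resolved)
```

Every host in either list ran the malware at least once and needs cleanup. Versions with the kill switch removed never make this lookup, so an empty result does not clear a network.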

As a consumer, you should make sure all your Windows computers are up to date with the patches, and be careful about which links you click and which websites you visit. If you are already affected, disconnect from your network so the malware doesn’t spread. Also, you shouldn’t pay the ransom, because oftentimes you will not even receive the decryption key due to how busy the attackers are.
