Ransomware has struck again, impacting major networks across the world. By Friday the bug known as WannaCry, a.k.a. Wcry, had locked an estimated 200,000 computers throughout 150 regions across the globe. Russia, Ukraine and Taiwan were among the countries hit especially hard. Notorious for supporting over 24 different languages to deliver ransom messages, this self-replicating ransomware worm disrupted healthcare, government, business and transportation networks worldwide and here in the U.S.
Hundreds of hospitals in the British National Health Service reported infected computers. Some 400 computers in a Jakarta hospital were also hijacked, causing major health care disruptions. The German rail operator Deutsche Bahn suffered massive system failures. Even U.S.-based FedEx Corp reported that computers using Windows operating systems were locked out, causing system disturbance.
About the WannaCry Cyberattack:
The “WannaCry” ransomware has a unique and dangerous deployment method: it acts as a worm, replicating itself inside a network, rather than relying on the human curiosity method, in which the infection spreads when someone clicks on an infected attachment.
When a computer or network is infected, a $300 ransom note appears in a pop-up window. Instructions on how to pay, using Bitcoin only, and two countdown clocks with deadlines are also included in the pop-up window. The first clock is set for three days. If you do not pay the ransom by the third day, the ransom doubles. The second clock accounts for the time you have to pay until your data is lost forever.
Cybersecurity experts and researchers from Symantec and Kaspersky Lab believe that the code from an earlier version of the ransomware software may have stemmed from programs used by the Lazarus Group.
Over the weekend, an anonymous cybersecurity researcher for the security firm Kryptos Logic tweeted his accidental discovery of a kill switch, potentially halting the spread of WannaCry. The cybersecurity expert, who goes by the Twitter handle @MalwareTech, registered a domain name that was hard-coded into the exploit, which has stopped the worm from spreading. While this particular strain may not cause further damage, MalwareTech warns that hackers may attempt to change the code and try again.
Tips to Protect Yourself from WannaCry & Similar Cyber Threats:
- Make sure you are using a current antivirus solution and keep it up-to-date.
- Always avoid clicking on random or suspicious links, attachments and emails from strangers.
- If you are using Internet Explorer, turn on SmartScreen (identifies and reports phishing and malware websites or dangerous/suspicious downloads).
- Set your internet browser settings to enable the pop-up blocker.
- Back up data, networks and important files religiously.
To better understand how ransomware works and how to keep your computer and network safe, read Alpha Group’s recent ransomware news. If you believe your network or business may be a high-profile target for ransomware and other malware attacks, contact Alpha Group’s Computer Forensics team immediately.