Ransomware & WannaCry Information
Ransomware is malicious software that encrypts files and locks a device,
such as a computer, tablet or smartphone, and then demands a ransom to
unlock it. Recently, a dangerous ransomware named 'WannaCry' has been
affecting computers worldwide, creating the biggest ransomware attack the
world has ever seen. It has affected computers in India as well.
What is WannaCry Ransomware?
-------------------------------
WannaCry ransomware attacks Windows-based machines. It also goes by the
names WannaCrypt, WanaCrypt0r, WCrypt and WCRY. It leverages an SMB exploit
for Windows machines called EternalBlue to attack and inject the malware.
All versions of Windows before Windows 10 are vulnerable to this attack if
not patched for MS17-010.
After a system is infected, the malware encrypts the files and shows a
pop-up with a countdown and instructions on how to pay $300 in bitcoins to
decrypt and get back the original files. If the ransom is not paid in 3
days, the ransom amount increases to $600 and the malware threatens to wipe
all the data. It also installs the DOUBLEPULSAR backdoor on the machine.
What can you do to prevent infection?
----------------------------------------
• Microsoft has released a Windows security patch, MS17-010, for Windows
machines. It needs to be applied immediately.
• Remove Windows NT4, Windows 2000 and Windows XP-2003 from production
environments.
• Block ports 139, 445 and 3389 in the firewall.
• Avoid clicking on links or opening attachments or emails from people you
don't know or companies you don't do business with.
• SMB is enabled by default on Windows. Disable the SMB service on the
machine by going to Settings > uncheck the settings > OK
• Make sure your software is up to date.
• Have a pop-up blocker running on your web browser.
• Regularly back up your files.
• Install a good antivirus and a good anti-ransomware product for better
security.
File Names:
• @Please_Read_Me@.txt
• @WanaDecryptor@.exe
• @WanaDecryptor@.exe.lnk
• Please Read Me!.txt (Older variant)
• C:\WINDOWS\tasksche.exe
• C:\WINDOWS\qeriuwjhrf
• 131181494299235.bat
• 176641494574290.bat
• 217201494590800.bat
• [0-9]{15}.bat #regex
• !WannaDecryptor!.exe.lnk
• 00000000.pky
• 00000000.eky
• 00000000.res
• C:\WINDOWS\system32\taskdl.exe
Cheers!!!
Be Confident, Do Confident.