Ransomware and WannaCry Cyberacttack

What is Ransomware?

Ransomware is a form of malicious software that locks up the files on your computer, encrypts them, and demands that you pay to get your files back. Usually ransomware will demanded in Bitcoin, which is totally untraceable.

The digital extortion racket is not new - it’s been around since about 2005, but attackers have greatly improved on the scheme with the development of ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

Most recently, a global cyberattack spread ransomware to countless computers over 150 countries. And these days ransomware doesn’t just affect desktop machines or laptops, it also targets mobile phones.

How Ransomware gets onto a computer?

The most common ways in which Ransomware are installed via phishing emails and visiting a website that contains a malicious program. After the malware has been installed, it will either encrypt information that’s stored on the computer or block the computer from running normally – while also leaving a ransom message that demands the payment of a fee, in order to decrypt the files or restore the system. In most cases, the ransom message will appear as a form of pop-up when the user restarts their computer after the infection has taken effect.

WannaCry Cyberattack

May 12th 2017 saw the biggest ever cyber attack in Internet history. A ransomware named WannaCry or Wanna Decryptor stormed through the web, with the damage epicenter being in Europe. It mainly affects Microsoft’s unpatched and pirated Windows operating system.

When a system is infected, a pop up window appears, prompting you to pay to recover all your files within three days, with a countdown timer on the left of the window. It adds that if you fail to pay within that time, the fee will be doubled, and if you don’t pay within seven days, you will lose the files forever. Payment is accepted only with Bitcoin.

WannaCry leveraged a vulnerability in Windows OS, first discovered by the NSA, and then publicly revealed to the world by the Shadow Brokers. In the first few hours, 200,000 machines were infected. It was first reported from Sweden, Britain, France and India, but Russia and Taiwan are said to be the worst hit. Big organizations such as FedEx, Renault, Telefonica and NHS were struck and crippled by the attack.

How does it spread?

According to the US Computer Emergency Readiness Team (USCRT), ransomware spreads easily when it encounters unpatched or outdated software. Experts say that WannaCry is spread by an Internet worm - software that spreads copies of itself by hacking into other computers on a network, rather than the usual case of prompting unsuspecting users to open attachments. It is believe that the cyber attack was carried out with the help of tools stolen from the National Security Agency (NSA) of the United States.

How to prevent from this attack?

1. Backup your data - The best way to protect your computer is to create regular backups of your files. The malware only affects files that exist in the computer. If you have created a thorough backup and your machine is infected with ransomware, you can reset your machine to begin on a clean slate, reinstall the software and restore your files from the backup.

2. Update Anti-virus program - According to Microsoft’s Malware Protection Centre, other precautions include regularly updating your anti-virus program.

3. Block pop-up -  Enabling pop-up blockers in your browsers.

4. Keep your system up to date - Update all software periodically, specially your operating system.

5. Be alert online -  Don't open suspicious mails, attachment and links.