A dangerous new ransomware called "WannaCry" made waves recently, affecting roughly 200,000 systems in more than 150 countries worldwide.
The malicious software hit tens of thousands of systems in hospitals, schools, car factories, shops and more, locking computers worldwide with an unprecedented global reach.
The ransomware is known as WannaCry, WanaCrypt0r 2.0 or WCry and it's especially dangerous because it includes some sort of "worm functionality" that makes it more vicious than a regular ransomware attack.
How Does WannaCry Ransomware Work And Spread?
This ransomware simply locks up the files on an infected computer and encrypts them so that the owner or authorized user can no longer access them. The malicious software can make its way to a computer by tricking users to click or download a malicious file. The ransomware then locks up the files on the computer, keeping them encrypted and inaccessible until users pay the ransom to regain access. WannaCry demanded bitcoin to restore users' access to their hijacked files.
Malware cases have been spreading in recent years as the malicious software trend has been gaining ground, with new forms of ransomware hitting the scene. It seems that attacks are getting more dangerous and sophisticated and there's never any guarantee that paying the required ransom will actually restore access to the files.
Kaspersky Labs's Global Research and Analysis team points out that WannaCry starts with a remote code execution in Microsoft Windows, taking advantage of a vulnerability dubbed "EternalBlue." The exploit surfaced online back in April with the Shadow Brokers data dump, which Microsoft had already patched on March 14. However, many companies didn't install the patch.
The malware has spread at a whopping pace reaching countries worldwide, with evidence of the malicious software found in more than 150 countries. As previously mentioned, this attack is particularly dangerous because it's also a worm, which means that once it gets into a computer it starts connecting to other systems to spread as much as possible.
The EternalBlue exploit in Windows is believed to originate from the National Security Agency, as it became available when Shadow Brokers revealed a huge set of hacking tools the NSA allegedly used to access devices. EternalBlue uses a backdoor referred to as DoublePulsar and those who haven't installed Microsoft's patch from March may still be vulnerable to the ransomware attack.
Shadow Brokers's identity still remains a mystery, albeit security experts think the group could be tied to the Russian government.
How To Protect Yourself Against WannaCry Ransomware?
The WannaCry ransomware is nasty and once it gets hold of your files, there's no way to decrypt them — at least not for now. The first thing to do to protect yourself against this vicious type of ransomware is to install the security patches Microsoft issued to handle the vulnerability.
To further ensure that your files stay safe, it's highly advisable to back up all essential data, preferably on an external hard drive or some other solution that doesn't involve LAN networks.
At the same time, be extra careful when opening links or downloading files from unexpected emails or messages. This goes as a general safety rule for online safety to protect yourself against any potential malware, phishing scams or the like.
