16 May 2017

Africa: What Is Wannacry? What Does WannaCry Ransomware Do?

Photo: This Day
Describing it as the biggest cyber attack in history, Roi Shaposhnik of Johannesburg-based Gold N' Links Cyber said syndicates around the world targeted a weak spot in Microsoft security updates which lead to a massive crash (file photo).

A ransomware attack called WannaCry that was first launched on 12 May and since spread around the world impacted a number of high-profile organisations globally, including NHS England in the UK.

Ransomware is a type of malicious software that will block access to your files unless you pay a ransom.

Some 47 NHS trusts fell victim to these ransomware attacks resulting in devastating consequences for some patients, as operations were cancelled and medical records held for ransom.

One theory suggested that 90 percent of NHS trusts across the UK were using Microsoft's 16-year-old OS Windows XP, which could leave them susceptible to attacks.

What is WannaCry ransomware?

WannaCry or Wanna Decryptor ransomware seems to have used a vulnerability in Microsoft's software.

An exploit discovered and built upon by the USA's National Security Agency called EternalBlue was leaked by a group called the Shadow Brokers earlier this year. It was patched by Microsoft at the time, but older versions of Windows or those without Windows Update were left open to attacks.

WannaCry uses EternalBlue, which takes advantage of a vulnerability in the SMB protocol, to worm its way through local networks and online.

The worm encrypts data on an infected system, and then tells the user that their files have been locked and displays information on how much is to be paid and when - up to roughly $600 in bitcoin.

WannaCry, like the majority of ransomware and malware will arrive under your radar, as an email attachment or as a download on your PC. It essentially relies on victims clicking on or downloading the attachment, which causes the program to run and infect your computer with ransomware.

What versions of Windows are affected?

According to Microsoft's blog, older versions of Windows that are no longer supported by Microsoft were vulnerable, which includes Windows 8 and Windows XP, which the majority of NHS Trusts were running.

For those running Windows 10 or Windows Vista, Windows 7 and Windows 8.1 systems, which has automatic updates turned on, you'll remain protected from WannaCry.

For a full description of ransomware and how it can be stopped, see here.

How should businesses respond to ransomware attacks?

Sadly, there isn't a simple formula for businesses to follow in regards to ransomware. But there are a few things that businesses can do to limit the damage it causes.

The biggest question is whether businesses should pay or not. In most cases, the sum of money demanded is relatively small so it might seem easier to just pay the money and if you have backups, just restore your systems with them.

However, if you do pay, you're only fueling the fire. The longer victims pay, the longer ransomware will continue to grow, or at least that's what leading cyber security firms believe and it's why they advise against it.

The only real security from ransomware is backups and solid security best practices. Other than that, there are some decryption tools that claim to decrypt the files that the ransomware have locked down.

More on This

Hacker Group Teases More Windows Exploits, Cyberespionage Data

A group of hackers that previously leaked alleged U.S. National Security Agency exploits claims to have even more attack… Read more »

Copyright © 2017 CIO East Africa. All rights reserved. Distributed by AllAfrica Global Media (allAfrica.com). To contact the copyright holder directly for corrections — or for permission to republish or make other authorized use of this material, click here.

AllAfrica publishes around 800 reports a day from more than 140 news organizations and over 500 other institutions and individuals, representing a diversity of positions on every topic. We publish news and views ranging from vigorous opponents of governments to government publications and spokespersons. Publishers named above each report are responsible for their own content, which AllAfrica does not have the legal right to edit or correct.

Articles and commentaries that identify allAfrica.com as the publisher are produced or commissioned by AllAfrica. To address comments or complaints, please Contact us.