Wednesday, May 17, 2017

All about WannaCry ransomware

The WannaCry ransomware attack is an ongoing cyberattack by the WannaCry (also known as WannaCrypt, WanaCrypt0r 2.0 or Wanna Decryptor) ransomware worm, which targets the Microsoft Windows operating system.

Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation. A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk.

Ransomware usually infects a computer when a user opens a phishing email. Although such emails have been alleged to be used to infect machines with WannaCry, this method of attack has not been confirmed. Once installed, WannaCry uses the EternalBlue exploit and the DoublePulsar backdoor, both developed by the U.S. National Security Agency (NSA), to spread through local networks and to remote hosts, which is what makes it a worm. A worm is technically not a virus but a very similar program that has the ability to self-replicate.

The attack started on Friday, 12 May 2017 and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries. The worst-hit countries are reported to be Russia, Ukraine, India and Taiwan, but parts of Britain's National Health Service (NHS), FedEx and LATAM Airlines were hit along with many others worldwide.

WannaCry ransomware takes a computer hostage and holds it for ransom. In this case, the attackers are asking for at least $300 in bitcoins for each computer affected by the attack. In a ransomware attack, the malware locks down the target machine, encrypting its data and preventing the owner from accessing it until he or she agrees to pay up.


Shortly after the attack began, a web security researcher who blogs as "MalwareTech" unknowingly flipped an effective kill switch by registering a domain name he found in the code of the ransomware. This slowed the spread of infection, but new versions have now been detected that lack the kill switch.



