{"id":1656,"date":"2017-05-15T14:24:26","date_gmt":"2017-05-15T14:24:26","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=1656"},"modified":"2020-10-05T13:44:26","modified_gmt":"2020-10-05T08:14:26","slug":"wannacry-what-it-is-and-how-to-safe-from-all-ransomware","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/wannacry-what-it-is-and-how-to-safe-from-all-ransomware\/","title":{"rendered":"The Wannacry Woes: What It Is and How to Be Safe from All Ransomware"},"content":{"rendered":"

We saw how Microsoft’s expressed relief headache ended as they released this statement “we fixed this vulnerability two months ago! If you all updated your security settings in Windows this wouldn’t be a problem!<\/p>\n

\"WannaCry<\/p>\n

Last Friday this ransomware<\/a> called ” WannaCry” created havoc across thousands of computers around the world<\/strong>. Unfortunately, a lot of people didn’t update the patch and are now caught in trouble. A rough estimate shows that users in 150 countries were affected. Organizations of all sizes from Hospitals, railway system, FedEx, Russian government agencies<\/a>, manufacturing firms etc were caught unaware. They were cut off from their servers, their files ripped through, account seized and more. According to Europol, nearly 200,000 computers had been infected.<\/p>\n

The WannaCry Modus Operandi<\/strong><\/p>\n

A virus or ransomware<\/a> spreads when users unwittingly click on an unsafe link or email attachment that carries the malware. The creator of WannaCry, however, made use of an Microsoft\u2019s old Windows flaw<\/strong> (a hole in the code), which allowed them to remotely take control of \u00a0a computer and install Encryptor. So even if the user doesn\u2019t click on any link it will still find its way into your system.<\/p>\n

Users who didn\u2019t update their computer with Microsoft\u2019s latest patch<\/a> were booted out within seconds. The malware denied them any access and demanded $300 (in bitcoin) in exchange for getting\u00a0their computer and data back. The victim had three days to pay out and after that, the amount will be doubled to $600. Nevertheless, security experts say WannaCry could only fetch USD37,000 as ransom. According to Checkpoint Security points, victims have not been able to retrieve their files even after paying<\/strong>. This might not be a big money, but taking into account the havoc this malware has created, it looks like many more businesses might fall prey expecting data after paying money. Those behind WannaCry is not responding, and it\u2019s quite unlikely that they will decrypt anybody\u2019s files as promised, says Checkpoint.<\/p>\n

Accidental Halt<\/strong><\/p>\n

Meanwhile a 22-year-old cybersecurity analyst in the UK \u201caccidentally\u201d managed to stop the spread of WannyCry when he unwittingly activated a \u201ckill switch\u201d in the malicious software. According to him, the malware was connecting to an unregistered domain with a long string of letters iuqerfsodp9ifjaposdfjhgosurijfaewrwergwe- a.com. He checked if the preposterous domain was registered or not, but it wasn\u2019t so he bought it for $10.69. It turns out that the domain was intended to be a backup plan for the malicious hackers<\/strong> in case they wanted to stop the spread of WannaCrypt. As soon as the domain was registered, thousands of connections a second began flooding in.<\/p>\n

He developed the \u201cKill Switch\u201d which was hardcoded into the malware<\/strong>. When the malware makes a request and shows the domain is live, the \u2018Kill Switch\u2019 will stop the spread.<\/p>\n

“It Will be Back”, said the 22-year old Malware Tech. \u201cThis is not over<\/strong>. The attackers will realize how we stopped it, they\u2019ll change the code and then they\u2019ll start again. Enable windows update, update and then reboot.\u201d<\/p>\n

How Does WannaCry Ransomware work?<\/strong><\/p>\n

Protect your organization with Containment Technology!<\/strong><\/p>\n

Your risk of infection<\/strong> depends on how adventurous you are, so how can you be sure that you are definitely not going to get Virus on your system. A virus removal software<\/a> (antivirus<\/a>) can help to a large extent, but more than that there is something called Automatic Containment Technology<\/a> (ATS). This defeats zero-day attacks<\/strong> better than any other security.<\/p>\n

 <\/p>\n