As the name suggest if your PC is affected with this ransom ware then you will definitely wanna cry for help because a while ago this ransom ware was making the whole world’s IT system to cry for help. So lets look some more into it.
1. What is a Ransom ware
Ransom ware is nothing but a nasty little program designed to keep you using you personal files by encrypting them and would demand a ransom mostly in form of money (Bitcoins) to decrypt your files.
2. Wanna cry
In history there has been many ransom ware but wanna cry is a unique ransom ware design to exploit a weakness in windows which has been found out by the great NSA(National Security Agency) America to spy on on most of the windows PC. A windows exploit known as ‘The Eternal Blue’ was used to make this ransom ware. A group of hackers known as Shadow Broker hacked the NSA personal servers and retrieved this exploit to make some thing bigger which the world know as WannaCry aka Wanna Crypt. Wanna cry was not just a simple ransom ware but was also a worm which was smart enough to propagate from one PC to another in a network. There fore in fraction days it was able to wide spread from one PC to the whole world. Mostly this ransom ware were to infect a PC from a infected attachment or malicious link in suspicious sites. as shown in below image shows the internal propagation and protection embedded in this program
If you are not infected then very good. You have to just take care of few below things:
- Stop clicking suspicious looking inks because no secret formula will help you get fairer or lose weight
- Stop downloading all attachment from any sender even if it is your bank. first confirm from the source.
- Another thing to keep in mind is to disable smb from your windows feature section to stop in into entering to your PC from a infected PC or to propagate to another PC
- And if your are infected with the ransom ware then thanks to a guy named Roy Castillo reverse engineering trick he found a password hard coded in the program so try to use WNcry@2017 to decry-pt your data. There is no guarantee that this password will work as most of the passwords are not the same.
- Also keep your PC update with below patch
Windows xp http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
Windows Vista x86
Windows Vista x64
Windows 7 x64
Windows 7 x86
Windows 2003 x86
Windows 2003 x64
Now the present threat has came to a stall but as suggested by Rendition Infosec that they have seen a version of WannaCry that does not have a kill switch. Also conformed by Bitdefender. It has been just days and a new version has started popping up.
So just follow the prevention steps and be safe.