Ransomware (Wanna Cryyyy).

As the name suggests, if your PC is infected with this ransomware you will definitely wanna cry for help, because a while ago this ransomware was making IT systems around the whole world cry for help. So let's look into it some more.

1. What is ransomware

Ransomware is nothing but a nasty little program designed to keep you from using your personal files by encrypting them; it then demands a ransom, mostly in the form of money (Bitcoins), to decrypt your files.

2. WannaCry

There have been many ransomware programs in history, but WannaCry is unique: it was designed to exploit a weakness in Windows that had been found by the great NSA (National Security Agency) of America to spy on most Windows PCs. A Windows exploit known as ‘EternalBlue’ was used to make this ransomware. A group of hackers known as the Shadow Brokers hacked the NSA's personal servers and retrieved this exploit to make something bigger, which the world knows as WannaCry, aka WannaCrypt. WannaCry was not just a simple ransomware but also a worm, smart enough to propagate from one PC to another in a network. Therefore, in a matter of days it was able to spread from one PC to the whole world. Mostly this ransomware infects a PC through an infected attachment or a malicious link on suspicious sites. The image below shows the internal propagation and protection embedded in this program.

Also looking at the below image it is clear that countries like need to take their security more seriously and should start switching to a more secure platform like Linux from Windows

3. Prevention

If you are not infected, very good. You just have to take care of the few things below:

  • Stop clicking suspicious-looking links, because no secret formula will help you get fairer or lose weight.
  • Stop downloading every attachment from any sender, even if it is your bank. First confirm with the source.
  • Another thing to keep in mind is to disable SMB from your Windows Features section, to stop it from entering your PC from an infected PC or propagating to another PC.
  • And if you are infected with the ransomware, then thanks to a reverse engineering trick by a guy named Roy Castillo, who found a password hard-coded in the program, try using WNcry@2017 to decrypt your data. There is no guarantee that this password will work, as most of the passwords are not the same.
  • Also keep your PC updated with the patches below:

  • Windows XP: http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
  • Windows Vista x86: http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c.msu
  • Windows Vista x64: http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-x64_6a186ba2b2b98b2144b50f88baf33a5fa53b5d76.msu
  • Windows 7 x64: http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu
  • Windows 7 x86: http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_6bb04d3971bb58ae4bac44219e7169812914df3f.msu
  • Windows 8: http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x64_f05841d2e94197c2dca4457f1b895e8f632b7f8e.msu
  • Windows 8.1: http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_5b24b9ca5a123a844ed793e0f2be974148520349.msu
  • Windows 10: http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows10.0-kb4012606-x64_e805b81ee08c3bb0a8ab2c5ce6be5b35127f8773.msu
  • Windows 2003 x86: http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-enu_f617caf6e7ee6f43abe4b386cb1d26b3318693cf.exe
  • Windows 2003 x64: http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe
  • Windows 2008: http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-x64_6a186ba2b2b98b2144b50f88baf33a5fa53b5d76.msu
  • Windows 2008R2: http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu
  • Windows 2012: http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8-rt-kb4012214-x64_b14951d29cb4fd880948f5204d54721e64c9942b.msu
  • Windows 2012R2: http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_5b24b9ca5a123a844ed793e0f2be974148520349.msu
  • Windows 2016: http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows10.0-kb4013429-x64_ddc8596f88577ab739cade1d365956a74598e710.msu
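
A read-only way to check the two preventive steps above (SMB disabled, patch installed) on a Windows machine, added here as an example and not part of the original post. It assumes the SMB in question is SMBv1, the version EternalBlue targets; the function names are made up for this example, and the KB numbers are the ones in the patch links above.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated prompt.
# KB ids are taken from the patch list on this page.
$PatchKbs = 'KB4012598','KB4012212','KB4012213','KB4012214',
            'KB4012606','KB4013429'

function Test-Smb1ServerEnabled {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: registry value SMB1 = 0 means disabled; a missing
    # value means the default, which is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val) -or ($val -ne 0)
}

function Get-InstalledPatchKb {
    # Get-HotFix lists updates by their own KB id only. A later cumulative
    # update that supersedes these will not match, so an empty result means
    # "check the update history further", not "definitely unpatched".
    Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $PatchKbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
}

$smb1  = Test-Smb1ServerEnabled
$found = @(Get-InstalledPatchKb)

# One summary object per machine, easy to export or collect centrally.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Smb1ServerEnabled = $smb1
    PatchKbFound      = $found -join ','
    NeedsAttention    = $smb1 -or ($found.Count -eq 0)
}
```

If `Smb1ServerEnabled` comes back `True` on Windows 8 / Server 2012 or later, `Set-SmbServerConfiguration -EnableSMB1Protocol $false` turns the SMBv1 server off without a reboot.
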
5. Future

The present threat has now come to a stall, but Rendition Infosec has suggested that they have seen a version of WannaCry that does not have a kill switch. This was also confirmed by Bitdefender. It has been just days, and a new version has already started popping up.

So just follow the prevention steps and be safe.
