The WannaCry is a typical ransomware program that works to encrypt the victim’s data stored on the computer to ask a ransom amount to recover. It is wreaking havoc all around the world. More than 230,000 computers of many individuals and organizations in about 150 countries have been conquered and compromised since the infection was found on Friday, 12 May 2017. WannaCry is so violent a ransomware program, what can we do to avoid being attacked by it?
The recent notorious ransomware WannaCry is also named WannaCrypt, WanaCrypt0r 2.0 or Wanna Decryptor. On Friday, 12 May 2017, WannaCry was began to use to attack Microsoft Windows operating systems all over the world exploiting leaked NSA tool EternalBlue. As with other similar ransomware, the victims will be presented a message to be informed of their situation after infection. The ransomware works to encrypt data stored on the computers and demands a ransom amount in bitcoin ranging from $300 to $1200 USD within 3 to 7 days to restore the corrupted files.
The attack is described as unprecedented and undoubtedly, it is one of the most serious disasters in scale in history. It is estimated that the attack has compromised over 230,000 computers in 150 countries including the US, UK, Spain, China, Russia, Italy, Ukraine, India, Turkey, Germany, Vietnam, Philippines etc. Many computers and devices of more than 200,000 victims of both individuals and various organizations such as schools, automobile corporations, hospitals, telecom companies and banks are corrupted by the WannaCry ransomware. According to reliable sources, UK’s National Health System (NHS), Gemany’s rail system Deutsche Bahn, France’s Renault and Japan’s Nissan factories, Russia’s central bank, US FedEx, Spanish telecom Telefonica, South American airline LATAM Airlines, and many schools in China are all affected by this notorious attack.
The WannaCry ransomware is created target Microsoft operating systems worldwide possibly either through a vulnerability in the network defenses or very well-elaborated spear phishing emails exploiting leaked NSA tool EternalBlue. When activated, the ransomware starts to encrypt data stored on the infected computers and take advantage of the SMB vulnerability to distribute itself if there is no “kill switch” domain name is found on the compromised systems. It is reported that the WannaCry ransomware breaks into a person’s computer as soon as a compressed zip file attached to an email is downloaded by him. Many other victims have got infected in this way. Fortunately, for users who use the operating systems that are still supported by Microsoft and have installed the latest security update, they become survivors of this global cyberattack disaster. But for those who are still using old unsupported systems such as Windows XP and Windows Server 2003, they may have been attacked or are being put at extremely high risk. Microsoft had stopped releasing security patches for Windows XP since April 2014 except one emergency patch released in May of the year. However, Microsoft also created security patches for several old versions of Windows which are now unsupported to help users protect themselves against the attack of WannaCry after the outbreak. And Windows 8 as well as the two mentioned versions are all included in the unusual move.
Should you pay the hackers to restore the encrypted data? Never to pay is our recommendation if the corrupted files are dispensable or not essential for you since any payments can’t guarantee the data will be recovered to what it was originally like. And you should work to weigh if the contaminated files are worth the ransom amount demanded by the hackers. While in the case of precious data being damaged and impossible to regain by no means, we are afraid paying the ransom amounts might be your last choice to try because it is usually impossible for any third parties to help decrypt and restore data compromised by such ransomware like WannaCry.
How to remove the WannaCry ransomware and any other threats having possibly been introduced by it? WannaCry is in essence a special type of computer virus. Auto removal by using certain antivirus programs and manual removal carried out by an expert are the two methods we usually use to deal with a virus. While manual removal is always the most reliable way we can rely on considering the fact that there is no antivirus tool that is powerful enough to be capable of detecting and killing any kinds of virus or malware completely and in many cases, some of your special and reliable files or programs can be ridiculously identified as serious threats and killed, which will undoubtedly causes many inconveniences for the user and result in abnormal operation of the system if the files or programs are the critical data to keep the device run properly. In the case of WannaCry ransomware, DoublePulsar backdoor is believed to be one of the possible threats being introduced. It needs to be deleted when systems are decrypted.
It is not sure whether the WannaCry will stop circulating in the following days; while we are sure ransomware like WannaCry will never stop compromising in the digital era as long as smart devices such as computers are still being used to serve our life and work. Even if WannaCry should disappear in near future, it is hard to guarantee you will not be attacked by a more violent ransomware program with a different name. What can we do to protect our devices and data from being undermined by ransomware or any other malware?
Here are some measures on which you can rely on to keep secure your data and devices.
1. Using an external hard drive or a cloud backup service such as Google Drive, Apple iCloud or Dropbox to make regular backups of your important data. This measure will help you out of extreme stress and save you time and money when you accidentally become a victim of a piece of malware one day.
2. Keep installing the latest security updates released by Microsoft to patch your supported Windows. As mentioned, WannaCry exploits the leaked NSA tool EternalBlue to break into and compromise the victims’ computers by taking advantage of a vulnerability of the SMB of the system. If there was no such a vulnerability or the vulnerability were fixed by installing patches by all the victims, the attack would have not been so disastrous. Nobody knows if there is still such vulnerabilities or other weaknesses unnoticed in the Windows operating system, but keep installing the latest security patches on your now-supported systems as quickly as they are released will significantly help you stay away from various ransomware and malware.
3. Stay away from suspicious emails and websites. Phishing email is one of the most common ways the malware uses to initiate an attack. It is usually a seemingly friendly email including malicious links or files. As soon as you click on the links or download and install the files, your computers will be attacked at once. Suspicious websites like pornographic sites are places where tons of vicious ads and malware are loaded. Visiting such websites will put your computer at high risk of being infected the ransomware.
4. Use and keep your firewall open
Using a firewall is an effective way to help you keep away from ransomware. A suspicious or unauthorized program will not be allowed to access your computer if you have a firewall running on your system. It may cause certain inconveniences on some occasions, for example, stop you from using some normal applications properly, but it keeps safe your online communications in return.
5. Apply a VPN (Virtual Private Network) service to encrypt your online traffic and stay anonymous on the web. Applying a VPN service can help you protecting the digital communications from being intercepted by hackers or cybercriminals. Since your real IP can be perfectly covered with the VPN, it becomes harder for the hackers to initiate an attack against you. Sometimes it just fails to do so.
Note: Have tried many methods but still have trouble in removing the stubborn WannaCry ransomware or other malware? To make your computer green, you are recommended tocontact An Online Expert for instant help now.
Published by Sarah Poehler & last updated on May 16, 2017 10:41 pm