WannaCry – The Highlighted Ransomware

by senhasegura Blog Team | May 22, 2017 | senhasegura

A news which dominated jornals, where they talked about an attack in many countries, involving a virus who “stole data” and charged U$300 in bitcoins for ransom. According to the website “El País”, about 200.000 computers got infected in at least 150 countries.

This virus, after being executed in the user’s machine, exploits the SMB (Server Message Block) protocol in Microsoft systems, where the virus rapidly spreads. Besides that, the attack involves one of NSA ferraments, which by the end of the 2016 year, were put in auction by the Hacker Shadow Brokers group.

The most affected system was the Windows Server 2003, that many companies kept for being a legacy system, used for providing essential services for the bussiness. Microsoft released a security update in march 2017, this resolved many flaws in many Windows systems.

Initially the attack started in the Telefónica company in Europe, they decided to shutdown part of their computers when they realised it was a virus. UK hospitals also reported the attack, being both of them the two most affected victims.

The information in Brazil isn’t clear, but even in the recent news until this moment, the computers in big companies were not infected, but many decided to shutdown their computers to avoid any contamination, like Petrobrás and Telefônica/Vivo did.

Although these companies got financially damaged, UK hospitals reported the incident and had to move some patients to other units, which make us think about how serious this attack can turn out to be.

Until now, the news keep refreshing and the bumber can grow, because the infected computers are still infected and the professionals envolved are necessary to be very careful to make sure that the situation does not end up even worse.

What is this virus

This virus carries the name: WannaCry, is a type of Ransomware that encrypts all data in the computer user, and charge a ransom to give them back. In this case, the ransom started at U$300 in bitcoins, because this coin can not be tracked. There are many types of Ransomware, the WannaCry is only 1 among all diverses that can be in the internet.

Recently we disclosed a list of itens that can be highlights this year and one of the was Ransomwares. But what is Ransomware?

A Ransomware is a type of virus classified as Malware, despite being old, has been highlighted in the comunication channels made for information security, this because he doesn’t colects data for illicit uses, the data are still in the user’s machine, but they are encrypted in a way that the user would take years to unencrypt with avaiable tools in market. This forces the user to pay for the ransom or format the Operational System.

Should I pay the ransom?

The recommendation from many security companies is that the ransom should not be paid for two reasons:

1. This encourages attackers to keep praticing these attacks.
2. It is not guaranteed that the attacker will unencrypt your computer data. Besides that, collaborating with the attacker does not make part in the management process in incidents when we talk about Information Security. It’s necessary to keep the equipment in quarentine (in this case turned off) for the problem to be mitigated.

How to prevent yoursel?

The first step to protect yourself is install the Microsoft patch (avaiable here), in the same link has alternatives solution guides, like how to disable the SMBv1 protocol.

Besides that, the users needs to be in check that there’s a risk involved when execuntion suspect files in your machine. In this case, awareness is the best alternative.

For last, having a backup is mandatory in this case, because denys the attack and the TI team can take the measures to restore the files.