For starters, ransomware is a type of malware that locks a computer and usually encrypts its files until the user pays to regain access.
Starting in 2011, cyber-criminals transitioned from fake antivirus tools to a more sophisticated form of extortion: file-encrypting viruses.
A virulent new strain of ransomware known as WannaCry (Ransom.Wannacry) has hit hundreds of thousands of computers worldwide since its emergence on Friday, May 12. WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting a critical vulnerability in Windows computers, which was patched by Microsoft in March 2017 (MS17-010).
The exploit, known as “Eternal Blue”, was released online in April in the latest of a series of leaks by a group known as the Shadow Brokers, who claimed to have stolen the data from the Equation cyber espionage group. The malware can enter a system through a malicious downloaded file, a vulnerability in a network service or a text message. It is also relatively easy to produce, so anyone with some computer skills can become a cyber-criminal.
Why is it different from traditional malware?
• It doesn’t steal victims’ information, but rather encrypts it
• It doesn’t try to hide itself after files are encrypted because detection won’t restore the lost data
• It demands a ransom, usually in a virtual currency
Ransomware proliferates through these main attack vectors:
• Spam/Social engineering
• Drive-by-download through malvertising
• Malware installation tools and botnets
After the crypto virus infiltrates your machine, it begins encrypting more than 70 different types of files, rendering your data unusable. The malware then displays a message telling you how to recover the data and how to send the virtual currency before a specific deadline. Once the money is transferred and there is proof of payment, the attackers send decryption information to the victim.
We have seen several incidents where the ransom was paid but the files were never decrypted, which left the company scrambling to find ways to recover the data.
What should I do to protect my personal and business systems?
As usual, installing the latest Windows patches and updates is of utmost importance. You also want to consult with your antivirus vendor to confirm the WannaCry ransomware signature has been added to the definitions file.
Exercise caution when downloading any files from the Internet, and continue to be on high alert for the coming weeks after the initial detection of the threat.
As an additional mitigation step, disable SMB version 1.
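As an added example that is not part of the original post, the PowerShell script below audits one Windows host for both mitigations described above (the MS17-010 patch and SMB version 1) and, with -Remediate, turns SMBv1 off. It assumes it runs as Administrator; the KB list is a placeholder, since the MS17-010 update id differs per Windows version and must be taken from Microsoft's bulletin.

```powershell
# Added example (not from the original post): audit a Windows host for the two
# WannaCry mitigations: MS17-010 installed and the SMBv1 server protocol disabled.
# ASSUMPTION: run as Administrator. $Ms17010Kbs is a placeholder; fill it with the
# MS17-010 KB id(s) Microsoft lists for this OS version.
param(
    [string[]] $Ms17010Kbs = @('KB_PLACEHOLDER_FOR_THIS_OS'),
    [switch]   $Remediate      # without this switch the script only reports
)

# 1. Patch check: is one of the listed MS17-010 updates among the installed hotfixes?
$installedKbs = Get-HotFix | Select-Object -ExpandProperty HotFixID
$patched      = [bool]($Ms17010Kbs | Where-Object { $installedKbs -contains $_ })

# 2. SMBv1 server check. Windows 8 / Server 2012 and later expose the setting
#    through the SMB cmdlets; older versions only have the registry value,
#    where a *missing* SMB1 value means SMBv1 is enabled.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
} else {
    $v = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
    $smb1Enabled = ($null -eq $v) -or ($v.SMB1 -ne 0)
}

# 3. Optional remediation: disable the SMBv1 server side.
$rebootNeeded = $false
if ($Remediate -and $smb1Enabled) {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWORD -Value 0 -Force
        $rebootNeeded = $true   # the registry change takes effect after a restart
    }
    $smb1Enabled = $false
}

# Summary object, suitable for collecting from many hosts into one report.
[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    MS17010Installed = $patched
    SMB1Enabled      = $smb1Enabled
    RebootNeeded     = $rebootNeeded
}
```

A host that reports MS17010Installed = False or SMB1Enabled = True is still exposed to the spreading mechanism described above and should be patched and isolated first.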
Training, training and more training. Users can never be too cautious as the threat landscape continues to evolve, so implementing a consistent training program should reduce your risk exposure to emerging attacks.
Having a holistic cybersecurity approach is vital to maintaining a low risk of a ransomware incident.
Contact us today to help you design a custom plan for your organization.