A MASSIVE RANSOMWARE attack spread across the globe early Friday morning, locking up thousands of hospital, telecommunications, and utilities systems in nearly 100 countries. The attack used data stolen from the NSA to exploit vulnerabilities in Microsoft Windows and deliver the WanaCrypt0r ransomware. The demand was for $300 per PC.
The WCry ransomware, also referred to as WNCry, WannaCry, WanaCrypt0r or Wana Decrypt0r, was originally spotted in campaigns in early February 2017, with more campaigns following in March. It wasn’t until now that the attack went global.
Like most ransomware families, WCry renames files it encrypts, adding the .WNCRY extension.
The ransomware demands users pay $300 worth of Bitcoin to retrieve their files, and warns that the “payment will be raised” after a certain amount of time. The bad actors were courteous enough to provide translations of the ransom message in 28 languages.
The malware spreads through email. The ransomware executable itself is best described as a dropper that contains all the different ransomware components in the form of a password-protected ZIP archive within its file. When run, it starts unpacking its components to the directory it was executed in.
How do I protect myself from Ransomware?
- BACKUP YOUR DATA: As we have discussed in previous articles, the best protection still remains a reliable and proven backup strategy. Once your PC becomes infected, the only way to get your valuable data back is to pay the Ransom or restore your data from backups.
- KEEP YOUR OPERATING SYSTEM UPDATED: Installing critical Windows updates is a very important step in protecting your PC, as WCry currently seems to be spreading via the SMBv1 exploit, which has been patched for 2 months already. Any systems running a Windows version that did not receive a patch for this vulnerability should be removed from all networks.
- INSTALL & UPDATE A GOOD ANTI-MALWARE PROGRAM: Apart from regular backups and system updates, a good anti-malware program may save the day as well. The Behavior Blocker technology used by Emsisoft Anti-Malware has proven to be a very good defense: it caught the ransomware before the file could execute, once again keeping users protected from this and hundreds of other ransomware families. It's extremely important to keep your anti-malware software up to date as well.
Defense is always your best offense against these bad actors. Meridian highly recommends that you back up your data, stay current with Windows operating system updates, and use a program like Emsisoft Anti-Malware as a prevention mechanism.
If you feel your computer is vulnerable, Meridian is currently running a Spring Clean-Up Special. This special will make your system run more efficiently, apply all current system updates, and remove any virus or malware we find. Come in soon, as this special offer was recently extended to the end of this month!