A ransomware called WannaCry has hit about 200,000 computers in over 150 countries all over the world including Russia, Ukraine, Taiwan and the UK. The target systems are computers working on older versions of Microsoft operating systems.Microsoft had released a security patch for the vulnerability in March. However, systems that have not been updated are at risk. The ransomware locks down the files in the computers and encrypts them so that the users cannot access the files. The criminals demand $300 in virtual currencies like Bitcoin to unlock the systems. The pop-up window that appears on systems that has been attacked contains instructions on how to pay the ransom. It also contains two countdown clocks. One shows that there is a three-day time period before the ransom doubles to $600. The other clock shows the time when the user will lose all the files permanently, if he/she does not pay the ransom. The ransomware has hit banks, hospitals and government agencies around the world.
Ransomware affects your computer when you click or download malicious files. Some researchers say that WannaCry is spread through a worm which does not need a human to spread it by clicking. It can spread itself in a network. Although the pop-up shown on the attacked systems say that you will be allowed access to your files once you pay the ransom, there is no guarantee that this is the case. You may not get access to your files back even after you pay the money.
There are some precautions that you can take to avoid being hit by ransomware. Install an antivirus software and regularly update it. Make sure the software you use is up to date. If you use an older operating system, update to a new version. Do not click on links or open attachments or emails from people you do not know. You can turn on the smart screen option in Internet Explorer. It will warn you about phishing and malware websites. Always run a pop-up blocker on your browser. Maintain an offline database of important files. Try to backup data in separate devices. If you connect to the internet through Enterprise Edge or perimeter network devices, make sure to either block your SMB ports or disable SMBv1.
According to CERT-In, once a system in a network has been attacked, the ransomware can spread to other computers in the network. It is also spreading through attachments to emails. It is advised that when a system is attacked, the user disconnect the system from the local network to avoid the infection spreading to other computers. The RBI has given instructions to the banks in India to update the Microsoft patch to protect their systems against potential threats. Most of the ATMs in India have their services limited to dispensing cash on demand and checking account balance. This prevents the ransomware from attacking these ATMs.
A cyber security researcher has discovered a ‘killswitch’ to prevent the spreading of WannaCryransomware. He found that registering a domain name used by the malware stops it from spreading. However, the criminals can change the code and make attempts to attack again. So all computer users should remain wary.