WannaCry or Wanna Decrytor ransomware is an informatic virus that attacks Windows operating system based computers primarily (including servers) by taking advantage of system vulnerabilities exploited by Eternalblue, a tool believed to be developed by the USA National Security Agency. What is the unique effect once infected by the virus? Well, you will notice it fast. The system will show you a Popup window letting you know that your computer is infected, all your files are encrypted, and for you to recover it all, they require a ransom payment using bitcoins. Unless you make the payment, all your files will stay encrypted. The worst thing about this virus is that, if you do not pay in a certain period, the ransom payment will keep rising.
But, wait! The intention of this article is not to create panic. Even though you should panic if your computer got infected and you didn't backed up your files recently (last day or night before the infection).
But, wait! The intention of this article is not to create panic. Even though you should panic if your computer got infected and you didn't backed up your files recently (last day or night before the infection).
Your first line of defense against WannaCry is awareness, or to be conscious that anyone can get infected by this and many other viruses and cyber-attacks. What does this mean? Well, that by knowing that you can get infected, you could prevent it. Now the question is how to prevent an attack? By knowing how infections occur.
The ransomware primarily works by phishing the victims through e-mails campaign, using some sort of social engineering, and/or sending an infected file. With social engineering, the victim get a “legit” e-mail from an apparently known sender, like a credit card issuer or a financial institution letting he/her know that he/she needs to take immediate action by updating or changing some facts/data about his/her account, because his/her information has been compromised. The attacker creates this psychological urgency and the victim response the email by clicking the sent link, which could be an institution fake web page/portal that looks similar or identically to the legit institution where the victim submits the requested information (social security, birth date, postal and/or physical and postal addresses, full name, etc.). You should know that no company will request these actions by e-mail. In the worst-case scenario, they will call you directly or ask you to visit one of their branches or offices. Another thing to consider is to look carefully at the sender's e-mail address, and to check after the ampersand domain. For example, if the recipient is someone from gmail, its email domain should be johndoe@gmail.com not johndoe@ggmail.com, johndoe@jmail.com, or any sort of variations that looks or phonetically sounds like the original one. In addition, you should verify the web page address that the attacker directs you to. Let’s say that you should be on www.sapientcoach.com, but you can notice minor differences like www.saplentcoach.com (there is a lowercase "L") or www.sapientc0ach.com (there is a number "0"). Sometimes, the preferable and easiest way for attacker to get full control of the victims' computers is by sending attached files (executables, installers or images, among others), which once downloaded or ran, will infect the computer.
Another commonly used way to attack is by infecting portable storage devices, better known USB drive/pen drive. Let's say you found a portable pen drive, with 128 GB of storage capacity, and a USB type 3 model. You will think that you are so lucky and will plug it into your computer and, pum! You got infected. Never insert a found pen drive in your computer, unless it is an isolated and protected one, where you can check for viruses and infections.
So, to prevent an infection, you should follow these recommendations:
Author: Gilberto Crespo, MSCE, CDIA+, CIP, ITILv3
Computer Engineer & Technology Blogger
The ransomware primarily works by phishing the victims through e-mails campaign, using some sort of social engineering, and/or sending an infected file. With social engineering, the victim get a “legit” e-mail from an apparently known sender, like a credit card issuer or a financial institution letting he/her know that he/she needs to take immediate action by updating or changing some facts/data about his/her account, because his/her information has been compromised. The attacker creates this psychological urgency and the victim response the email by clicking the sent link, which could be an institution fake web page/portal that looks similar or identically to the legit institution where the victim submits the requested information (social security, birth date, postal and/or physical and postal addresses, full name, etc.). You should know that no company will request these actions by e-mail. In the worst-case scenario, they will call you directly or ask you to visit one of their branches or offices. Another thing to consider is to look carefully at the sender's e-mail address, and to check after the ampersand domain. For example, if the recipient is someone from gmail, its email domain should be johndoe@gmail.com not johndoe@ggmail.com, johndoe@jmail.com, or any sort of variations that looks or phonetically sounds like the original one. In addition, you should verify the web page address that the attacker directs you to. Let’s say that you should be on www.sapientcoach.com, but you can notice minor differences like www.saplentcoach.com (there is a lowercase "L") or www.sapientc0ach.com (there is a number "0"). Sometimes, the preferable and easiest way for attacker to get full control of the victims' computers is by sending attached files (executables, installers or images, among others), which once downloaded or ran, will infect the computer.
Another commonly used way to attack is by infecting portable storage devices, better known USB drive/pen drive. Let's say you found a portable pen drive, with 128 GB of storage capacity, and a USB type 3 model. You will think that you are so lucky and will plug it into your computer and, pum! You got infected. Never insert a found pen drive in your computer, unless it is an isolated and protected one, where you can check for viruses and infections.
So, to prevent an infection, you should follow these recommendations:
- Never provide personal and institutional information through e-mails or web pages.
- Check for fake portal or web pages.
- Never click on hyperlinks/content inside your e-mails, if you have doubts about its origins.
- Never download attachments from unknown recipient or emails.
- Never plug in or insert found pen drives.
- Keep your system and applications updated with latest patches and/or versions.
- Have an updated antivirus, antispam and antimalware in place.
- Keep reading news, blogs, and technology portals.
- Backup your files on a regular basis (daily, if possible).
- Check other recommendations in this blog (SapientCoach.com)
Author: Gilberto Crespo, MSCE, CDIA+, CIP, ITILv3
Computer Engineer & Technology Blogger
