English
New Delhi, May 16: May 12 saw one of the biggest cyber attacks in Internet history with over 200,000 computers across 150 countries getting down on its knees, locked down by an outbreak of WannaCry Ransomware raging across the Internet. A WhatsApp message that warned the users of the possible hacking if a certain video named ‘Dance of the Hillary’ is clicked on, which the Reserve Bank of India officials termed as a hoax. The software, called WannaCry, which exploited the security across countries encrypted the files and demanded a certain amount of money to unlock the files. The WannaCry Ransomware attack was such that it led to shutting down of hospitals, universities, warehouses, ATMs and banks. In this piece, here’s all you need to know about WannaCry Ransomware cyber attack, how it has created panic among the masses and how should you protect yourself from it.
As per a report published by Kaspersky Lab, as many as 45,000 cyber attacks were carried out in 74 countries across the world in just a matter of few hours. In the first few hours, 200,000 machines were infected. While most of the cyber attacks were reported from Russia, many other countries also reported the attacks including India, Spain, Turkey, Vietnam, the Philippines, Japan, the U.S., China, Spain, Italy and Taiwan. ATMs were also shut down due to the attack. While the impact of the attack slowed down after 24 hours but the governments have been issuing warnings to prevent future attacks.
Okay, here is an IDR based heatmap for WanaCrypt0r 2.0 ransomware (WCry/WannaCry) which covers exactly 24 hours from the explosion of it. pic.twitter.com/03ApsH5zGd
— MalwareHunterTeam (@malwrhunterteam) May 13, 2017
Ramsomware is software that locks a computer blocking access to it and encrypts computer files until a certain amount of ransom is paid. Here, the attack was first reported on May 12 in around 45 countries and the attackers demanded 300 to 600 Dollars in bitcoins, the online cryptocurrency, for each computer to give access to digital files.
The attackers designed a malware called WannaCry which locked down the targeted machines encrypting its data and refusing access to its owner until he pays the demanded ransom. The first case of Ransomware was reported in 2005 in the United States. (Also Read: 45,000 cyber attacks in 74 countries; computers in British hospitals, Spanish firms including India down)
WannaCry, also known as Wanna Decryptor, is a program that is used by the attackers to lock the documents and data in the targeted systems leaving the user with only two files: (a) What to do next to get access to their data (b) the Wanna Decryptor program.
When users click on the software, it tells them that their files have been encrypted. It gives them a few days to pay a certain amount in bitcoins and if failed, their files will be deleted. It asks them to pay in bitcoins, gives them instruction on how to buy it and a Bitcoin address to send the payment to.
One of the messages received by a victim read: “Your files are encrypted. To get the key to decrypt files you have to pay 500 USD.”
To infect a new computer, the WannaCry program contacts the web address. The WannaCry is programmed in such a way that it terminates itself if it manages to get through.
It holds down systems is normally within an attachment to an email or files. As it masquerades an something harmless, many people end up clicking on it. Once clicked, it encrypts the hard drive, making it impossible for the user to access the files and other documents stored into it. (Also Read: WannaCry Ransomware threat: RBI advises banks to operate ATMs only after software update)
It is not new. The threat traces back to 1989, when it first emerged on floppy disks sent to unsuspecting computer owners. While it gained momentum in 2014, the worst ever attack was reported in 2016 when nearly 40,000 cyber attacks were reported every day.
There is no need to pay any ransom to get access to the documents and data stored in your systems. “This particular ransomware is correctly identified and blocked by 30% of the AV vendors using current virus definitions. It is correctly handled by both Kaspersky and BitDefender,” said Phil Richards, the CISO at Ivanti. The way you can protect yourself is by installing any and all available security updates immediately. There is currently no fix for WannaCry.
Many people across the country have been getting messages that warned them that the ATM machines across the country will stay shut for a few days and that they should prevent any online transaction or shopping till the issue of Ransomware is fixed. While the Reserve Bank of India rubbished the rumours, it said that they have been keeping a close watch on the latest cyber attack.
The message reads: Please inform all contacts on your list not to open a video called the ‘Dance of the Hillary’. It is a virus that formats your mobile. They announced it today on BBC video. Fwd this msg to as many as you can!
The warning that may WhatsApp users have received on their mobiles is a hoax. There is no mobile phone virus threat like the one called ‘Dance of the Hillary’. It’s just a mutated form of the ‘Dance of the Pope’ virus. In fact, there have been no such announcements like such by BBC. ‘Dance of the Pope’ message read: Tell all contacts from your list not to accept a video called the dance of the Pope. It is a virus that formats your mobile. Beware it is very dangerous. They announced it today on the radio. Pass on to as many as you can. It was announced on the radio in USA.
“Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14. Unfortunately, it appears that many organisations have not yet installed the patch.” On Saturday, many hospitals in England had to divert their ambulances, doctors were forced to turn away appointments patients after computer systems in the state-run health service were crippled by a cyber attack by Ransomware.
For breaking news and live news updates, like us on Facebook or follow us on Twitter and Instagram. Read more on Latest India News on India.com.
