5 things about Wanna-Cry Ransomware attack and How to avoid becoming a Victim
That the hacker can have control of your data on your computer and can even demand ransom for it has become a horrifying reality with the WannaCry ransomware attack that was uncovered on Friday.
So, what is WannaCry?
WannaCry is a ransomware program targeting Microsoft’s windows operating system has evidently impacted over 10, 000 organizations and 2, 00, 000 individuals in 150 countries.
Ransomware is a program that can enter into your computer and if you click unknown documents or programs it can keep you from using or accessing your data until you make a payment to the cyber criminals.
The WannaCry program codes your files and needs payment in bitcoin in order to regain access to.
WannaCry is not simply a ransomware program, it is also a worm. This means that it gets into your computer and looks for other computers to try and spread itself as far and wide as is possible.
Ransomware also changes with time finding different ways to access computers. WannaCry used a vulnerability in the Windows operating system with the hackers likely by using a part of NSA(National Security agency) code released last month.
How to prevent an attack
The Computer Emergency Response Team of India (CERT-In) has issued a red alert about the ransomware.
Regarding the Hindustan Times, experts said India is vulnerable as huge numbers of computers in the country run the Microsoft’s older operating systems like XP, and have not been updated yet. The CERT-In has advised users and organizations to utilize patches to Windows systems as mentioned in Microsoft Protection Bulletin MS17-010.
It added that WannaCry was aimed towards common file extensions such as ppt, doc, and tiff, along with media files such as MP4 and MKV files.
CERT has also charted down a set of steps to avoid ransomware attacks such as performing regular backup of most critical information to limit the impact of data or system damage and not to open attachments in unsolicited emails, even if they come from people in your contact list, and not click on an URL within an unsolicited e-mail, even if the link seems harmless.
“Another way to prevent these attacks is to disable the ‘.fmb’ service on the computer. This is a service which is present in the computer and can make the system unprotected to these attacks. For the computers which have been damaged by the malware, and they do not want to pay the ransom in bitcoins, they should delete all the information and start again. There is no other way to get out of it. There are applications which can discover the ransomware but there is no technology as yet which can give the data back, ” Rizwan adds.
The CERT-In has suggested maintaining of updated Anti-virus software on all systems, follow safe practices when browsing the internet, disable remote control desktop connections, permit personal firewalls on workstations, among others.
“The first thing to do to protect all the data is to frequently backup all the data on my computer system depending how much work you do. That data should be stored off-line on a hard disc. Even cloud backups are not recommended when considering to this ransomware, ” Mukesh Choudhary, a Cybersecurity Expert from Hicube Infosec Pvt Ltd said.
Cyber security experts are imploring users to not click on attachments received from unknown persons.
“If you receive an email from an unknown person or source with a connection and also you want to start it, use a system with a separate net connection. This is because if one computer (which, along with 50 other computer systems are a portion of the same internet connection), gets infected by the ransomware, all the other computers could get infected and all the data could be lost, ” Mukesh Choudhary said.
India is also vulnerable due to the widespread use of the duplicate software.
“Do not use any pirated software on the computer. This interferes up with the security system in the computer and makes it susceptible to attacks, ” Mukesh Choudhary says.
The CERT-In has also advised individuals or firms against paying any ransom as there is no evidence of this ensuring that their files will be released. Instead, they have asked anyone damaged by the attack to record such instances to CERT-In and law enforcement organizations.