What is Ransomware – “WannaCry”?
A widespread ransomware campaign was discovered on the morning of May 12th 2017. This particular ransomware goes by the name “WannaCry”. It has now spread globally to over 100 countries, including the United States, United Kingdom, Europe, Japan, Taiwan and Singapore. This ransomware spreads over a network by scanning for vulnerable systems. It then encrypts system files and decrypts them only after extorting a ransom payment of .01781 bitcoins (approx. 300 USD).
Enterprises and users can be infected via a few channels. The hackers behind “WannaCry” gain access to enterprise servers via Remote Desktop Protocol (RDP) compromise or by leveraging a Windows exploit code-named EternalBlue. According to open sources, the infection can also spread through phishing emails.
- Windows XP
- Windows Server 2003
- Microsoft Windows Vista SP2
- Windows Server 2008 R2 SP1 and SP2
- Windows 7
- Windows 8
- Windows 8.1
- Windows RT 8.1
- Windows Server 2012 R2
- Windows 10
- Windows Server 2016
What can I do to protect myself from WannaCry?
- Install the latest Microsoft security update to patch your computer’s operating system (Patch ID: MS17-010)
- Do not open attachments or links in emails from unknown sources, especially zipped or packaged files (.zip, .rar, .jar etc.), executable files (.exe), and strange Word or PDF documents
- Be wary of visiting unsafe or unreliable sites, especially sites with excessive pop-ups
- Never click on links that you do not trust, or install any programmes or applications from websites and/or developers that you do not trust
- If you receive any links or files from a friend out of the blue, check with your friend before opening or installing the files
- If you receive an email from a bank or an online payment merchant (such as PayPal, Alipay etc.), always check that the company name is spelled correctly and that the domain name of the email matches that of their main webpage. For example, run a quick search for DBS Bank, and the first search result shows their domain name to be dbs.com.sg. If the sender’s email address does not match that same domain, it is very likely an attempted cyberattack or fraud
- Back up your important files regularly
- Keep your Operating Systems and Anti-Virus software up to date
- Avoid downloading and installing pirated or cracked software, as they often include some variant of malware
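The sender-domain check described in the list above can be automated. The following is an added example, not part of the original advisory. The function names, the sample From headers and the example.net lookalike domains are constructed for illustration. It compares the domain of the real address, not the display name, and accepts only an exact match or a true subdomain.

```python
from email.utils import parseaddr


def sender_domain(from_header: str) -> str:
    """Return the lowercased domain of the real address, ignoring the display name."""
    _display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    domain = addr.rsplit("@", 1)[1].strip().rstrip(".").lower()
    try:
        # Convert internationalised names to ASCII (punycode) so that
        # lookalike Unicode letters cannot pass as the expected domain.
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return ""


def matches_expected(from_header: str, expected: str) -> bool:
    """True only if the sender domain is `expected` or a subdomain of it."""
    domain = sender_domain(from_header)
    expected = expected.lower().rstrip(".")
    # A plain "contains" or "starts with" test would accept
    # dbs.com.sg.example.net, so compare on a label boundary.
    return domain == expected or domain.endswith("." + expected)


# Constructed sample headers (not taken from real messages).
SAMPLES = [
    '"DBS Bank" <alerts@dbs.com.sg>',              # genuine domain
    'alerts@mail.dbs.com.sg',                      # genuine subdomain
    'DBS Bank <support@dbs.com.sg.example.net>',   # expected name used as a prefix
    '"service@dbs.com.sg" <billing@example.net>',  # address hidden in display name
    'DBS <info@notdbs.com.sg>',                    # suffix without a label boundary
    'DBS <info@db\u0455.com.sg>',                  # Cyrillic lookalike letter
]


def review(samples, expected="dbs.com.sg"):
    """Return (header, verdict) pairs for a list of From headers."""
    return [(s, "ok" if matches_expected(s, expected) else "SUSPICIOUS")
            for s in samples]


if __name__ == "__main__":
    for header, verdict in review(SAMPLES):
        print(f"{verdict:10} {header}")
```

A matching domain only shows that the address is written correctly; the From header itself can still be forged, so the other precautions in the list continue to apply.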
What can I do if I have been affected by WannaCry?
- Disconnect your computer from the network (by removing your LAN cable or turning WiFi off). This prevents “WannaCry” from spreading
- Do a clean install of your Windows operating system and apply the recommended patch
- Restore your system from any backup you have made