For the past week, thousands of computer systems around the world has been plagued with a ransomware called WannaCry. But what does it do?
What is a Ransomware?
A Ransomware is a type of malicious software that is used by hackers to encrypt all your files. The key is then sent to the attacker then deletes any trace of it in your computer, making it virtually impossible to decrypt. Hackers demand victims to pay ransom money in exchange for the key for you to gain back access to your files. The ransomeware used in the recent attacks was called “Wanna Decryptor” or the “WannaCry” Virus.
What is the WannaCry Virus?
The WannaCry Virus targets Windows operating systems. It encrypts all of your files and blackmails the user for money in exchange for regaining access to the said files. The ransomware is classified as a worm, which means that it doesn’t need to install itself in your computer. It activates itself remotely in a network and infects other systems in the network.
The Hackers who are responsible for the ransomware is asking for $300 in BitCoin as payment for the decryption key. The BitCoin wallets that is used to receive payments are routed through the Dark Web and cannot be traced.
Where did it come from?
It is speculated that the root cause of it is the NSA (National Security Agency). The NSA had hacking tools that exploited vulnerabilities in the Windows system. These vulnerabilities, that not even Microsoft is even aware of, are exploited to gain access to the system. Now why would the NSA have these tools? To spy and survey users of course.
A hacker group called The Shadow Brokers are said to have obtained these hacking tools without the NSA’s knowledge and leaked it to the world. Now that the information is in the internet, it is speculated that the creator of the WannaCry virus has modified it with the hacking tools and released it.
This has been the biggest and widespread malware outbreak security experts has ever seen, infecting tens of thousands of systems from over a hundred countries. And the scariest part about this ransomware is that it is still currently spreading.
— Edward Snowden (@Snowden) May 12, 2017
What to do when your system is infected?
If you find your system infected with the WannaCry Virus, you’re pretty much screwed. Either you pay the ransom, or just give up on your files. Even if you pay the ransom, there is no guarantee that the attacker will follow through and send you the key to decrypt the files.
Now you might try to Google on how to get rid of the ransomware but chances are, those links will just infect you with more malware. If you do find yourself infected, just count the data as lost and remove the computer from the network so it won’t infect more in the network.
How to protect your system?
Prevention is always better than cure, so it’s best to prevent this from happening that finding a fix for it. Microsoft has already released a patch for the security vulnerabilities. Download and install all the available updates in Windows. They even released patches to their unsupported products such as XP, Vista, and Windows 7. It is also a good idea to update your anti-virus software, as well as it’s virus definitions.
It is also best to backup all your important files to a separate disk/drive that is not physically connected to your computer. In fact, it is best to make it a habit to back up your files periodically.
The WannaCry virus is such a big deal that it has already infected government and financial institutions, even hospitals. There are no reports that a system from the Philippines have been hit as of yet, but it is still better to be safe than sorry.