
How to Secure Yourself From WannaCry

January 31, 2018

How do you secure yourself from WannaCry? Unless you are a caveman, you have already heard about WannaCry. This ransomware has infected machines in over 150 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. It is affecting various organizations and consumers, with reports of tens of thousands of infections in over 150 countries. The software can run in as many as 27 different languages. So let us tell you how to secure yourself from WannaCry.


What is WannaCry?

First, let’s clarify exactly what WannaCry is. This malware is a type of trojan virus called “ransomware.” As the name suggests, the virus in effect holds the infected computer hostage and demands that the victim pay a ransom in order to regain access to the files on his or her computer.

Am I at risk?

The WannaCry ransomware infects machines running the Windows operating system. It uses a security flaw that was originally exploited by the U.S. National Security Agency (NSA) and was leaked earlier this year. Hackers are now using it.

If you or your organization is running a version of Windows, you could be at risk.

What exactly does WannaCry do?

Ransomware like WannaCry works by encrypting all of the files on a user’s computer. The software then demands that the victim pay a ransom of $300 in bitcoins at the time of infection in order to have the files decrypted. If the user doesn’t pay the ransom within three days, the amount doubles to $600. After seven days without payment, WannaCry will delete all of the encrypted files and all data will be lost.

 


Analysis by US-CERT

Three files were submitted to US-CERT for analysis. All files are confirmed as components of a ransomware campaign identified as “WannaCry”, a.k.a. “WannaCrypt” or “.wnCry”. The first file is a dropper, which contains and runs the ransomware, propagating via the MS17-010/EternalBlue SMBv1.0 exploit. The remaining two files are ransomware components containing encrypted plug-ins responsible for encrypting the victim user’s files. For a list of IOCs found during analysis, see the file.

Displayed below are YARA signatures that can be used to detect the ransomware:

    rule Wanna_Cry_Ransomware_Generic {
        meta:
            description = "Detects WannaCry Ransomware on Disk and in Virtual Page"
            author = "US-CERT Code Analysis Team"
            reference = "not set"
            date = "2017/05/12"
            hash0 = "4DA1F312A214C07143ABEEAFB695D904"
        strings:
            $s0 = {410044004D0049004E0024}
            $s1 = "WannaDecryptor"
            $s2 = "WANNACRY"
            $s3 = "Microsoft Enhanced RSA and AES Cryptographic"
            $s4 = "PKS"
            $s5 = "StartTask"
            // $s6, $s13, $s14: values replaced by e-mail obfuscation on this page;
            // restore them from the US-CERT original before using the rule
            $s6 = "[email protected]"
            $s7 = {2F6600002F72}
            $s8 = "unzip 0.15 Copyrigh"
            $s9 = "Global\\WINDOWS_TASKOSHT_MUTEX"
            $s10 = "Global\\WINDOWS_TASKCST_MUTEX"
            $s11 = {7461736B736368652E657865000000005461736B5374617274000000742E776E7279000069636163}
            $s12 = {6C73202E202F6772616E742045766572796F6E653A46202F54202F43202F5100617474726962202B68}
            $s13 = "[email protected]"
            $s14 = "[email protected]"
            $s15 = "Global\\MsWinZonesCacheCounterMutexA"
        condition:
            // "and" binds tighter than "or"; parentheses only make the groups explicit
            ($s0 and $s1 and $s2 and $s3) or ($s4 and $s5 and $s6 and $s7) or
            ($s8 and $s9 and $s10) or ($s11 and $s12) or $s13 or $s14 or $s15
    }
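To show how the rule's condition is built from "and" groups joined by "or", here is an added example (not US-CERT's or this site's code) that evaluates those groups in plain Python over byte buffers. It assumes only the strings legible on this page, so the groups that need $s6, $s13 or $s14 are left out; the function names and sample buffers are constructed for illustration.

```python
# Added example: pure-Python evaluation of the rule's condition groups.
# Only strings whose values are legible on this page are included; the
# groups needing $s6, $s13 or $s14 are omitted (an assumption of this sketch).

H = bytes.fromhex

STRINGS = {
    "s0": H("410044004D0049004E0024"),  # "ADMIN$" encoded as UTF-16LE
    "s1": b"WannaDecryptor",
    "s2": b"WANNACRY",
    "s3": b"Microsoft Enhanced RSA and AES Cryptographic",
    "s8": b"unzip 0.15 Copyrigh",
    "s9": b"Global\\WINDOWS_TASKOSHT_MUTEX",
    "s10": b"Global\\WINDOWS_TASKCST_MUTEX",
    "s11": H("7461736B736368652E657865000000005461736B5374617274000000742E776E7279000069636163"),
    "s12": H("6C73202E202F6772616E742045766572796F6E653A46202F54202F43202F5100617474726962202B68"),
    "s15": b"Global\\MsWinZonesCacheCounterMutexA",
}

# Each tuple is one "and" group; the rule fires if any group is fully present.
GROUPS = [("s0", "s1", "s2", "s3"), ("s8", "s9", "s10"), ("s11", "s12"), ("s15",)]


def matched_groups(data: bytes) -> list:
    """Return the and-groups of the condition that are fully present in data."""
    present = {name for name, pattern in STRINGS.items() if pattern in data}
    return [group for group in GROUPS if all(s in present for s in group)]


def scan_file(path: str) -> list:
    """Evaluate the groups over a file's raw bytes (case-sensitive, like YARA)."""
    with open(path, "rb") as fh:
        return matched_groups(fh.read())


# Constructed buffers, not real samples.
NEWS_TEXT = b"Report: the WANNACRY outbreak and the WannaDecryptor window"
MUTEX_ONLY = b"\x00\x01Global\\MsWinZonesCacheCounterMutexA\x00"
CMD_BLOB = b"MZ" + STRINGS["s11"] + b"\x00" * 8 + STRINGS["s12"]
```

A text that merely mentions the malware's name satisfies only part of the first group and does not match, while the mutex name alone is enough to fire the rule.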

 

How is the NSA involved?

A hacking group, which obtained files from the NSA, has been releasing parts of the agency’s hacking tools.

As well as the WannaCry ransomware being seen in the UK, it has appeared in hundreds of countries around the world. CERT, the computer emergency response organisation, issued an alert saying it had seen a “massive attack of ransomware” from WannaCry.

The vulnerability (MS17-010) is linked to Microsoft machines and can affect Windows Vista, 7, 8, 10, XP and versions of the Windows Server software. Microsoft initially announced the vulnerability on March 14 and recommended users patch their devices.

 

Affected organizations

The following is a list of organisations confirmed to have been affected:

  • Andhra Pradesh Police, India
  • Aristotle University of Thessaloniki, Greece
  • Automobile Dacia, Romania
  • Cambrian College, Canada
  • Chinese public security bureau
  • CJ CGV
  • Dalian Maritime University
  • Deutsche Bahn
  • Dharmais Hospital, Indonesia
  • Faculty Hospital, Nitra, Slovakia
  • FedEx
  • Garena Blade and Soul
  • Guilin University Of Aerospace Technology
  • Guilin University Of Electronic Technology
  • Harapan Kita Hospital, Indonesia
  • Hezhou University
  • Hitachi
  • Honda
  • Instituto Nacional de Salud, Colombia
  • Lakeridge Health
  • LAKS
  • LATAM Airlines Group
  • MegaFon
  • Ministry of Internal Affairs of the Russian Federation
  • Ministry of Foreign Affairs (Romania)
  • National Health Service (England)
  • NHS Scotland
  • Nissan Motor Manufacturing UK
  • O2, Germany
  • Petrobrás
  • PetroChina
  • Portugal Telecom
  • Pulse FM
  • Q-Park
  • Renault
  • Russian Railways
  • Sandvik
  • São Paulo Court of Justice
  • Saudi Telecom Company
  • Sberbank


 

Techyuga Experts’ Tips to Secure Yourself From WannaCry

For Organizations and Common Users

Step 1: Apply the latest Microsoft security patches for this particular flaw.

Step 2: Back up key data.

Step 3: Ensure all outgoing and incoming emails are scanned for malicious attachments.

Step 4: Ensure anti-virus programs (e.g. McAfee, Avast Antivirus) are up to date and conducting regular scans.

Step 5: Educate employees on identifying scams, malicious links and emails that may contain viruses.

 

What should you do if you have already been attacked?

1. For individuals, it might be worth contacting IT support or, if you are from Kolkata, you can contact us.

2. Do not pay the ransom demanded by the WannaCry ransomware.

3. Have your PC or laptop analysed and sanitized by IT support or else by us.

 


Author AK Azad
