Ransomware, as the name suggests, is an add-on or adware that infects your PC and demands a ransom in return for uninstalling it. It acts quickly: your whole PC locks up and there is little you can do to recover your data. On top of that, all your data is in the hands of the hacker, who can do anything with it. The world has just seen the biggest ransomware attack, which spread to at least 99 countries and affected 57,000 PCs. Here, I am going to cover the what and how of this ransomware.
What is it?
We do not yet know who started spreading it, but what we do know is that it is delivered to the victim’s PC through a common phishing attack. It is spreading under the names “WannaCry”, “WanaCrypt0r 2.0”, and “WCry”. It may infect your PC in different ways. One such way is via email: the attackers send attachments, and as soon as you open one, you are infected.
What does it do?
As said earlier, once it gets into a computer, it locks up all your files and encrypts them so that you have no access to them at all. It then pops up a demand that you pay in Bitcoin to get access back. It demands up to $300 in Bitcoin, to be paid to a certain ID. See how much work they did to lock these up in such a way!
What shall I do if I get infected?
Unfortunately, there’s not much you can do. Even if you pay the demanded amount, there’s no guarantee that you’d get all your data back.
The vulnerability was found in the older versions of Microsoft’s Windows, and not in versions with the latest patch, which was released in March. So some users have hope after all, and Mac users need not be worried at all! The only problem is that not many users keep their versions up to date, because you know how annoying Windows updates are.
Is it possible to remove it?
There is a slight chance that you can remove it if you have an advanced anti-virus program, or by entering safe mode and removing the files manually. If there’s any other way to remove it, we’ll keep you updated.
Who’s behind this attack?
According to sources cited by the Telegraph, it is believed that a group of hackers called “Shadow Brokers” is responsible for this attack. They revealed in April that they had stolen a ‘cyber weapon’ from the NSA (National Security Agency) of the United States of America.
The tool, called ‘Eternal Blue’, gives access to every Windows system and was developed by the NSA to gain access to the computers of terrorists and other countries. And yes, Edward Snowden has something very interesting to say about the NSA.
If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened https://t.co/lhApAqB5j3
— Edward Snowden (@Snowden) May 12, 2017
In light of today’s attack, Congress needs to be asking @NSAgov if it knows of any other vulnerabilities in software used in our hospitals.
— Edward Snowden (@Snowden) May 12, 2017
So, the ‘Eternal Blue’ tool is what they used to make this ransomware.
How to protect yourselves?
Update your systems ASAP! And that’s not all: you should be very careful about who you get emails from. If you have the slightest suspicion that an email is not from a trusted source, ‘DO NOT OPEN IT’.
It turns out that hospital systems are the ones most affected. Here’s what Pete Turner, from Avast, had to say about this.
“It’s critical that organizations and employees, particularly those in our most critical sectors like healthcare, start to think pro-actively about how to protect themselves from ransomware.”
Can they be caught?
As the transactions are made in Bitcoin, it’s quite difficult to catch the culprits, but it is possible. Some security professionals say that it is entirely traceable where the Bitcoin is going, and that an investigation of the ransomware’s code will be carried out, which will definitely lead to them.
So, all we can suggest is: keep your computers updated and do not open fishy emails. Every one of us ends up with these kinds of malware or trojans while browsing, by clicking on some vulnerable links and finally infecting our computer. Tell us which anti-virus programs you use and what other precautions you take to stop these kinds of viruses.