ransomeware and WannaCry (WanaDecrypt0r, Wanna Decryptor)

Ransomeware holds your data for ransom by encrypting it then demanding a payment to unencrypt it.  If you don’t have a backup of your data or pay the ransom, you loose your data.  Your data includes all photos, videos, music, art, documents, financial and business data, in other words everything that you care about stored on your computer.

This version of ransomeware, WannaCry, was launched Friday May 12, 2017 and has infected more than 200,000 computers in 150 countries.  It asks for a payment of $300 or more for you to get back the data it has stolen. (1)

Screen capture of WannaCrypt

Screen capture of WannaCrypt

Example of WannaCry in the wild - at a train station in East Germany.

Example of WannaCry in the wild – at a train station in East Germany.

This virus attacks Microsoft Windows Computers.  Microsoft says that if you have the Windows Updates of March 2017 or later installed and Microsoft Antivirus you are probably not at risk. (2)  Most of the computers affected so far are on business LANs and have not been updated recently.

To protect yourself from this and other viruses, make sure your Windows and antivirus are up to date and automatically updating.

The Windows Update that you need

Check that you have the minimum required Windows security update by looking for it in Windows Update – Type Windows Update in your search box, Click on Windows Update, Click on Review your update history and look for an entry that reads something like

  • March, 2017 Security Monthly Quality Rollup for Windows …
  • 2017-05 Security Monthly Quality Rollup for Windows …

MS_windows_update_showing_March,_2017_Security_Monthly_Quality_Rollup window_update_2017-05_Security_Monthly_Quality_Rollup_for_Windows

Note the inconsistent naming.  Rollups are supposed to include previous months patches.  Also this particular SMS bug was patched singly by Security Update for Microsoft Windows SMB Server (4013389) described in Microsoft Security Bulletin MS17-010 – Critical March 14, 2017.

Suggestions to avoid viruses

Do not open attachments, links or documents in emails that you do not completely trust.

Keep your computer up to date – enable updates for the operating system and all software.

Use an antivirus and enable updates for it.

Back up your important data.

Notes

Ransomware has been around for a couple of years and will never go away, only get worse.

Microsoft has even offered a patch for this problem for the long shunned Windows XP.  Microsoft may be allowing some patching for “not genuine” copies of Windows.

This ransomware leverages code written/purchased/hoarded by the NSA which was stolen and released to Wikileaks.  This is a good example of why no government or organization should hoard bugs for their personal gain.  The responsible thing to do with bugs is to disclose them to the vendor so that they can be fixed to keep us all more secure.

Linux (and Unix variants OS X, iOS and Android) were not affected.  Just saying.

This ransomware leverages a bug in SMB to spread through a network.  A good router will block SMB traffic from the Internet to your LAN.  If a computer on the LAN gets infected it can infect every computer on the LAN.  The first computer usually gets infected by the user opening a phishing email and installing the virus on their computer from where it spreads.

Businesses will often delay updates to computers on their networks because they are afraid that the update will adversely interact with their critical business software.  Thousands of businesses just got bit in the ass because of this.

Backups are the only way to protect your data from any calamity.  The more important the data, the more copies you need, stored in more places.

References

(1) https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

(2) http://winsupersite.com/windows/worried-about-global-security-breach-heres-whether-you-should-freak-out

A technical deep dive – https://www.bleepingcomputer.com/news/security/wannacry-wana-decryptor-wanacrypt0r-info-and-technical-nose-dive/

This entry was posted in Uncategorized and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>