Now, this is a major malware outbreak. It’s been quite a long time since any malware outbreak of such caliber has happened – but this time, it’s ransomware called WannaCry. If you’re infected, then your files are probably gone. It’s just not worth trying to salvage them at all, actually.
In case you don’t know what ransomware is, it’s pretty much like kidnapping, but for your files. In this case, it takes all your files and encrypts them so you no longer have access to them, since they have been radically changed with a secret code. If you want your files back, you’ll have to pay them for the decryptor so that your files can be reverted with that secret code.
Even if you do pay, I highly doubt that they’ll give you the decryptor anyway. So I highly recommend that you don’t pay, and that you take it as a lesson to properly back up your files, like on the WD DL2100, WD My Book, or the Transcend StoreJet Cloud 110K.
Truth is, you can never have too many backups.
Security experts have associated this attack with the recent leak of the NSA’s big list of exploits. This obviously includes backdoors that the NSA can use to run scripts and to spy on any users around the world. Microsoft has even confirmed that there were exploits that they didn’t know existed, but which were on the NSA’s big list of exploits!
WannaCry has spread across the globe and gained overnight fame: it was first reported to have infected over 70 countries, and now a total of 99 countries. This number will only grow larger if nothing is done. Luckily, you can do something to protect yourself from this shitshow.
So here’s how to protect yourself from this WannaCry ransomware. If you already got the latest Windows Updates from Microsoft, you’re fine. Just double-check that you have these two patches – KB4012212 and KB4012215.
If you already have these two installed, you’ll be fine. Though I have to say, it seems like the Microsoft servers are being hit with heavy traffic now. None of the downloads are even starting.
What a perfect way to ruin things for IT firm employees all over the world. I mean, they literally WannaCry now. Please cringe after reading that bad pun, because I’m working at an IT firm too. Literally, makes me WannaCry.
“Well done Microsoft and NSA”, said sarcastically.
[UPDATE]: WannaCry 2.0 is out there
Let me briefly run you through what WannaCry 1.0, which was released on Friday, is about. It’s still ransomware, but for some reason, the ransomware pings a specific domain. Because of how certain sandbox environments (virtual machines) work, this domain pinging method is a way to check if it’s running in a sandbox environment. There’s no point in ransoming a sandboxed environment, so it won’t run there.
With that domain now pinpointed, the next course of action is registering that domain. Once it’s registered, WannaCry 1.0 was essentially told that it exists in a sandboxed environment on a global scale, thus stopping the ransomware entirely. This is called a “sinkhole”, which captures all malicious traffic and renders it completely useless.
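As an added example (not code from the original post), here’s how a defender could use the resolver logs that a sinkhole makes useful: every host that looked up the kill-switch domain tried to run the ransomware, and needs patching and clean-up regardless of whether the lookup stopped it. The domain name, the log format and the sample log lines are constructed placeholders, since the post doesn’t give the real domain; treating NXDOMAIN as “domain not yet registered” and NOERROR as “sinkhole answered” is an assumption about the resolver’s output.

```python
import re
from collections import defaultdict

# Placeholder: the real kill-switch domain is not given on this page.
KILLSWITCH_DOMAIN = "killswitch-domain.example"

# Constructed sample resolver log lines (not real captures).
SAMPLE_DNS_LOG = """\
2017-05-12T10:01:03Z client=10.0.4.17 query=www.example.org type=A rcode=NOERROR
2017-05-12T10:01:09Z client=10.0.4.22 query=killswitch-domain.example type=A rcode=NXDOMAIN
2017-05-12T10:02:41Z client=10.0.4.22 query=killswitch-domain.example type=A rcode=NOERROR
2017-05-12T10:03:15Z client=10.0.7.5 query=killswitch-domain.example type=A rcode=NOERROR
2017-05-12T10:03:50Z client=10.0.4.17 query=updates.example.com type=A rcode=NOERROR
"""

# Assumed log format: timestamp, client IP, queried name, record type, response code.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) type=\S+ rcode=(?P<rcode>\S+)$"
)


def parse_dns_log(text):
    """Parse log lines into dicts; lines that don't match the expected format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def find_killswitch_lookups(records, domain=KILLSWITCH_DOMAIN):
    """Map each client to its (timestamp, rcode) lookups of the kill-switch domain.

    NXDOMAIN: the domain was still unregistered, so the payload would have carried on.
    NOERROR: the sinkhole answered and the sample believed it was sandboxed and quit,
    but the host still attempted to run it, so it is exposed and needs attention.
    """
    hits = defaultdict(list)
    for r in records:
        if r["query"].lower().rstrip(".") == domain:
            hits[r["client"]].append((r["ts"], r["rcode"]))
    return dict(hits)


def hosts_needing_attention(records, domain=KILLSWITCH_DOMAIN):
    """Sorted list of clients that queried the kill-switch domain at least once."""
    return sorted(find_killswitch_lookups(records, domain))


if __name__ == "__main__":
    for host, lookups in find_killswitch_lookups(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(host, lookups)
```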
This was discovered by someone going by the name of MalwareTech – and thanks to him, WannaCry 1.0 was stopped entirely. You can learn more from his detailed findings here.
However, Sophos has confirmed WannaCry 2.0 here: the domain checker/pinging has been removed, so it ransoms sandboxed environments too. If that really happens, the only way to stop this ransomware is by installing the latest Windows Updates. This is obviously much easier said than done for large- or even medium-sized organizations.
Microsoft has already provided us the updates – so just install them, will you?