We discussed the new malware “WannaCry Ransomware” in my previous article. It has attacked hundreds of systems all over the world so far. This NSA-derived ransomware is targeting hospitals and other organizations whose entire working processes depend on computers.
The WannaCry Ransomware shuts down computers and locks their databases. The attackers then ask you to pay them a few bucks in Bitcoin to get your system and data back.
How WannaCry Ransomware Works:
Currently, 74 countries are being targeted by this malware, including our beloved Pakistan. Moreover, more than 74,000 attacks have been recorded, and the attackers have collected millions of dollars from people so far. 70% of the attacks were attempted in Russia alone.
These attacks encrypt the data on your PC. The virus also drops a decryptor tool on your system. At this point your system is under attack, or you can say that it has been hacked.
When you open your system, or a hacked file on your PC, a message box appears with the message “Ooops, your files have been encrypted”. The attackers ask for about $700 or more in Bitcoin, with their Bitcoin address shown on the screen.
They ask you to send $300 or $600 worth of Bitcoin to their wallet address. They demand and accept money only in Bitcoin because it is not just difficult but impossible to trace.
Don’t worry about losing your bucks. They guarantee that all of your files will be recovered safely once you pay the full amount they demand. Their WannaCry Ransomware service is actually good: they offer to recover/decrypt a few of your hacked files for free.
However, their demand doubles if you don’t pay within 3 days. And after giving you a few chances and increasing the demand, they will wipe all of your data in the end if you don’t pay.
Don’t understand English? No problem, you can also translate the message into your local language. The developers of this NSA-derived ransomware are really nice. They tried their best to facilitate the victims.
To keep the victim alert, they change the theme from time to time, along with the instructions on how to pay them and decrypt your data. The malware uses the simple Latin code page CP1252 and contains no reference to the hackers or developers of the tool.
WannaCry Ransomware can attack files with any extension on your PC, including .bat, .ps1, .vbs, .dip, .dch, .sch, .brd, .jsp, .php, .asp, .java, .jar, .class, .mp3, .wav, .swf, .fla, .wmv, .mpg, .vob, .mpeg, .asf, .avi, .pdf, .ott, .odt, .doc, .docx and any other format. .ppt, .doc, .docx, .xlsx and .sxi are the popular document formats it attacks most.
Defend Against WannaCry Ransomware:
Now let’s talk about how to defend your system and keep it safe if you are not under attack yet. Microsoft took action as soon as the attacks picked up. Below are a few measures that can help you defend against this malware.
1. Update Your Windows Right Now:
You need to keep your PC/laptop up to date. Microsoft recently released a new update that helps users defend against the WannaCry Ransomware. If you are using Windows 7/8 or above, update it right now to fix the issue.
Before installing the updates on your PC, check whether they are already installed. Go to Start > Control Panel > System and Security on your PC, then click the “View installed updates” link under the Windows Update option.
2. Turn On Automatic Updates:
Most Windows users, including me, tend to disable automatic updates, which is really dangerous. If you are one of us, turn them on right now. Microsoft recently released the fix for this problem, and if you had automatic updates turned on, you don’t need to do anything else.
3. Install a Windows Defender:
There are a bunch of Windows defenders (anti-viruses) available online. If your system is out of date and also doesn’t have an active defender installed, it is at full risk. Go to the Utility settings of your PC and see whether there are any virus attacks or threats to your PC.
If you don’t know much about Windows defenders and are unable to buy a paid one, Cybereason RansomFree could be the best free option. It is specially designed to block malware like WannaCry.
4. Disable SMB 1 & 2:
MalwareTech recently posted an update saying that disabling SMB 1 & 2 could protect you from the NSA-derived ransomware.
- Go to the Control Panel > Programs and Programs features settings.
- Uncheck the SMB 1.0/CIFS File Sharing Support box.
- Now restart your computer and download SMB2 Tools Disable from here.
- Right click on the downloaded file and select “Run as administrator”.
- A new message “SMB2 is currently enabled” will appear.
- Restart your system and check again; it will now be disabled.
These measures are good enough to protect you from WannaCry Ransomware. The virus currently attacks only Windows, so it won’t hurt smartphones or Mac devices. You can also block port 445 to ensure security.
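The SMB settings from step 4 and the port 445 block can also be checked and changed from an elevated PowerShell prompt. The script below is an added example, not part of the original article; the rule name and the `-Apply` and `-IncludeSmb2` switches are names chosen for this example, and it assumes Windows 8 / Server 2012 or later, where these cmdlets exist. Run without switches, it only reports the current state.

```powershell
# Added example (not from the original article): audit, and optionally apply,
# the SMB settings from step 4 and the port 445 block.
# Assumes an elevated prompt on Windows 8 / Server 2012 or later.
param(
    [switch]$Apply,        # hypothetical switch: make changes instead of only reporting
    [switch]$IncludeSmb2   # hypothetical switch: also turn off the SMB2 server
)

$ruleName = 'Block inbound SMB TCP 445 (example)'   # constructed rule name

function Get-SmbExposure {
    $feature  = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    $server   = Get-SmbServerConfiguration
    $listener = Get-NetTCPConnection -State Listen -LocalPort 445 -ErrorAction SilentlyContinue
    $rule     = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
                Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }
    [pscustomobject]@{
        Smb1Feature      = "$($feature.State)"
        Smb1Server       = $server.EnableSMB1Protocol
        Smb2Server       = $server.EnableSMB2Protocol
        Port445Listening = [bool]$listener
        BlockRulePresent = [bool]$rule
    }
}

$before = Get-SmbExposure
$before | Format-List

if ($Apply) {
    if ($before.Smb1Feature -eq 'Enabled') {
        # Same effect as unchecking the SMB 1.0 box in the Windows features dialog
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($IncludeSmb2) {
        # This one setting covers SMB2 and SMB3, so file sharing from this PC stops
        Set-SmbServerConfiguration -EnableSMB2Protocol $false -Force
    }
    if (-not $before.BlockRulePresent) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block | Out-Null
    }
    Get-SmbExposure | Format-List   # the SMB1 feature change needs a restart to complete
}
```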