The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
The attack started on Friday, 12 May 2017 and within a day was reported to have infected more than 230,000 computers in over 150 countries.
WannaCry spreads across local networks and the Internet, directly infecting any exposed systems that have not been updated with recent security updates. Microsoft had issued a “critical” patch on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack. Those still running older, unsupported operating systems such as Windows XP and Windows Server 2003 were initially at particular risk, but the day after the outbreak Microsoft took the unusual step of releasing updates for these operating systems too. Almost all victims are running Windows 7 or newer.
You can read about the patches here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
You can check whether you have the correct patch installed here: https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed
You can download the patch here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Microsoft released an update to the Microsoft Malicious Software Removal Tool (MSRT) to detect and remove WannaCrypt malware. For customers that run Windows Update, the tool will detect and remove WannaCrypt and other prevalent malware infections. Customers can also manually download and run the tool by following the guidance here. The MSRT tool runs on all supported Windows machines where automatic updates are enabled, including those that aren’t running other Microsoft security products.
Within four days of the initial outbreak, security experts were saying that most organizations had applied updates, and that new infections had slowed to a trickle.
WannaCry will attempt to encrypt all files on all drives. It won’t directly reach out to Dropbox, Google Drive, etc. However, if you run the sync agent for Dropbox, Google Drive or a similar service, which automatically reflects local changes to the cloud service, that agent will overwrite the files stored in the cloud with the local WannaCry-encrypted files.
The good news is, most cloud services support versioning, so you should be able to recover the original files.
There are key differences between Windows and Android that keep the mobile operating system safe from WannaCry’s clutches. Even with so many different flavors of Android, including versions tweaked by phone makers like Samsung or LG, it’s unlikely that users are in for a wide-scale attack.


