wannacry, shadow brokers, mirai, DDoS, cybersecurity-vdos-akamai-dos-attack, cyberattack
WannaCry or WannaCrypt, the global ransomware attack, has affected over 150 countries till date. Ransomware, unlike malicious attacks, prevents the users from accessing their own data, unless a ransom is paid to the creator. How?
It generally affects your systems by locking it, encrypting the data on it and preventing the softwares from running. In a bid to get the files decrypted, the victims are asked to pay a ransom payment, here, they are asked to pay in Bitcoins.
The hackers are leveraging a Windows exploit that was deployed by US’ National Security Agency called EternalBlue. The leak was later released by a hacking group named Shadow Brokers about a month ago.
Asia is expected to feel the impact today when professionals turn on their computers and check e-mails. There are a few advisory actions that SingCERT, (Singapore Computer Emergency Response Team), has issued:

Why should you be concerned?

The exploit can penetrate into machines that are currently running unpatched version of Windows through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server.  The ransomware attacks have the capacity to spread over the network by scanning for vulnerable systems, and in turn, infecting them.

How can you pre-empt it?

Microsoft has stated that it “released a security update which addresses the vulnerability that these attacks are exploiting” in March. Also, it had advised users to update their systems to deploy the patch for the vulnerability (MS17-010). If you haven’t done this yet, update your systems now.

Also, be suspicious of uninvited documents that you receive through email. Unless the source is not verified, do not click on the links inside these documents.

Whenever there is a possibility of getting hit by ransomware infection, do ensure that you create a backup of your important files and documents. This, later, will help you restore them when needed.

Also, make sure that you run an active anti-virus security suite of tools on your system, and browse the Internet safely.

What to do if you are affected?

Okay, if your system already seems to be infected with WannaCry, first of all, as of now, you should know that there are no known way to recover files encrypted by this ransomware attack. But SingCERT advises you to immediately follow these steps:
  1. Remove the Network connection from your Computer. This could be done by removing your network cable or shutting down the wireless function on your computer. This will help you to prevent this ransomware from spreading.
  2. Start rebuilding your affected computer, be it laptop or workstation.
  3. Once you have rebuilt the infected workstation before patching it with the recommended patch, restore your system from the backup you have made.

If you have further queries or require any kind of assistance, reach out to SingCERT.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.