We are all constantly under the potential threat of malicious software (malware) that could disrupt the working of electronic devices, endanger our data and privacy, add unwanted content, and otherwise cause harm. Malware is developed to stealthily steal information, disable or harm data and hardware or add intrusive, unwanted adware. Apart from the usual worms, viruses, adware and so on, we now have to deal with something called Ransomware. The recent attack on the National Health Service in England has brought this threat into sharp focus. Messages you probably received via WhatsApp about ATMs being shut also refer to this. Read on to know more.
This again, is malicious software created to carry out “cryptoviral extortion attacks from cryptovirology”. If that sounds incomprehensible, here is the simple explanation: ransomware is a virus that locks access to data until the payment of a ransom. So data is locked and a ransom message is sent. When the ransom is paid for decrypting the virus, the data is (presumably) made accessible. Like many other viruses, ransomware enters the system posing as a legitimate file, using misleading Trojans.
Also known as WannaCrypt, the WannaCry ransomware attack is the latest in a series of attacks; previous examples being Reveton, CryptoLocker, CryptoWall, Fusob and so on. In May 2017, about 75,000 users in 99 countries became victims to WannaCry attacks. They received ransom messages in 20 different languages; demanding $300 in Bitcoins along with the threat to double the ransom demand. Later reports suggest that the attack may have spread to 150 countries as new versions of the malware have surfaced.
Spam emails or social engineering are leveraged to spread the infection. Users are tricked into downloading a malicious attachment. WannaCry then installs itself on the system and starts encrypting data. This 24 hour map displays the spread of the virus. The worm also infected Telefonica, one of Spain’s largest companies, FedEx as well as computers in Russia, Taiwan, Ukraine, India and several other countries. There are warnings that things could get worse.
The British health national health service was hit; PCs and data were found locked up and held to ransom. Large numbers of computers in the health services network were infected in about 6 hours as the worm spread from PC to PC. Because of the attack, many hospitals all over England had to divert emergency patients. Cybersecurity teams are working round the clock to fix systems and guard against future attacks. Meanwhile a researcher in England found a kill switch in the malware and was able to halt the spread of the virus.
One of the concerns that WannaCry raised immediately is the possible vulnerability of ATMs because about 80% off Indian ATMs run on Windows XP. Many ATMs were shut and remain shut in order to prevent potential attacks. In many others, apart from checking account balance and permitting cash withdrawals, other activities are blacklisted so the ransomware cannot attack the ATMs. So ATMs are safe for the time being.
If you use Windows, update your system and install the security patch Microsoft has issued to protect against the worm. Update your antivirus systems, most of the reputable ones have come up with detection and blocking functionalities. You can also enable Windows Defender to protect your system against WannaCry. Remember to create backups of your important data and don’t open unknown emails and attachments from untrusted sources. Meanwhile take a look at this video to know how WannaCry works.
Do you have something interesting you would like to share? Write to us at [email protected]