Everything you need to know about the WannaCry virus that has swept the world
WannaCry, also known as WanaCrypt0r 2.0, is a dangerous piece of ransomware that, as of the publication of this article, had infected more than 75,000 computers in 99 countries within a few hours on Friday afternoon.
What is the WannaCry virus, how does it work, and how was it able to spread within a few hours to more than 75,000 computers and networks?
How do you protect your computer and data from infection and encryption? These and many other questions are answered in this blog post, which will be followed by an explanatory video and a practical demonstration of how this virus works on the Matrix 219 YouTube channel. But first, let's get to know this class of malware.
What is ransomware:
It is not the name of a specific virus, as some think, but a class of malware with virus-like behaviour. It is usually delivered as a trojan, mostly targets Windows and only rarely targets Linux.
Ransomware has several characteristics, including but not limited to: taking control of the files on the device, and in some families also enrolling the machine in a botnet that can be used for DoS/DDoS attacks. It denies the user access to his own files and effectively seizes the whole machine without needing to take over its network connections.
You can learn about the most famous ransomware viruses throughout history through this blog.
Ransomware and extortion:
This malware encrypts the victim's personal data so that it can no longer be accessed, then demands a ransom through a message displayed on the screen, in exchange for the decryption software needed to recover all the files.
The severity varies with the type and number of files targeted and with how hard the encryption is to break. Here is an example of a ransom message demanding payment for the decryption software.
To learn more about the characteristics of this class of malware, I recommend reading this detailed post, "The most dangerous type of malware ever".
How does ransomware work?
Ransomware is designed to extort a ransom from the victims caught in its net, so before going into today's topic, WannaCry, we will use the well-known Locky family as an example of how this class of malware operates.
Suppose someone downloads a file carrying the malware and runs it: the software then encrypts every file on the hard drive, as well as any shared folder reachable over the local network or remotely.
How the WannaCry outbreak began:
The spread of this ransomware began in the early hours of Friday 2017-05-12, and within the day it had affected more than 75,000 computers in 99 countries, with ransom notes in some 20 languages.
The first reports came from Spain, where the network of Telefónica, a Spanish multinational telecommunications company with operations in Europe, Asia and parts of the United States, was infected. The systems of many well-known organisations followed, including the UK's National Health Service (NHS), FedEx and Deutsche Bahn.
This was followed by multiple reports from Russia confirming infections of digital systems belonging to government institutions and companies, including the Russian Interior Ministry, the Russian Emergencies Ministry and the operator MegaFon.
In the past few hours the virus has also appeared in several Arab countries, though on a limited scale. The most discussed case was Saudi Arabia and the telecommunications company STC, which social media talked about for days until the company denied the reports; we do not know whether this was to reassure its customers or whether the story was merely a rumour started on social media.
That did not stop the telecommunications regulators from warning citizens and issuing bulletins about the seriousness of the virus and how to deal with it, the first of which came from the telecommunications regulator of the UAE: "Statement of the TRA of the United Arab Emirates on the WannaCry virus".
The vulnerability exploited to spread WannaCry:
Oddly enough, WannaCry used the EternalBlue exploit, which targets a flaw Microsoft had patched in March and which was published on April 14, 2017 by a hacker group calling itself The Shadow Brokers, after being stolen from the Equation Group. It has never been established whether the Equation Group is a hacking unit belonging to the U.S. National Security Agency or whether the name is merely a label for a collection of hacking tools.
Whatever the truth, the NSA certainly played a major role. In an earlier post we discussed its close ties to many hacking and espionage operations on the dark web.
Read more about it.
The EternalBlue vulnerability:
A Windows vulnerability in SMB (Server Message Block), specifically version 1 of the protocol, which is responsible for sharing files and folders over the network. "Read more"
Although Microsoft released the MS17-010 update that fixes this vulnerability, millions of machines had not yet installed it, which is what allowed WannaCry to spread in such a grotesque manner.
Zero-day vulnerability:
Note: this attack cannot be considered a zero-day, because Microsoft had already fixed the SMBv1 vulnerability in the MS17-010 update released on March 14 of this year, about two months before the attack.
How the WannaCry ransomware works:
1- The virus reaches the computer by several routes; the most widely reported was an e-mail telling you that you had won prize money and would receive a bank transfer, as shown in the picture.
2- Once the attachment is downloaded and opened, the files on the device are fully encrypted.
3- The worm component then uses the SMB vulnerability to spread to every machine on the network that is reachable and still vulnerable.
4- The following ransom message is displayed.
The message tells you that the data on your device has been encrypted and cannot be recovered without the decryption tool. The attackers prove they can decrypt it by restoring a few files free of charge, but to recover all your files you must pay $300 in Bitcoin within 3 days at most. After that period the amount doubles, and if 7 days pass without payment you will never be able to recover your files.
Two countdown timers are shown: one for the 72-hour payment period before the price doubles, and one for the 7-day deadline after which the files are lost for good.
5- The virus connects to this "unregistered" website, which acts as a kill switch, and chooses one of two paths:
if the site cannot be reached, it proceeds with infection and encryption; if the site responds, the malware stops before running its payload. (It does not decrypt anything; the kill switch only prevents the attack from starting.)
How to protect your device from WannaCry:
1- If you use a fully updated Windows 10, you are already covered. If you use Windows 7 or Windows Server 2008, you must install the Microsoft MS17-010 update.
2- If you run any other Windows version, visit this link and choose the update for your operating system.
3- Do not open e-mails from unknown senders, and if you do, do not fall for social engineering that uses money or sex to lure you into downloading attachments.
4- Avoid clicking pop-ups, shortened links and unknown sites.
5- Enable the firewall and block access to the SMB ports for all versions of the protocol.
6- Block TCP ports 137, 139 and 445.
7- Block UDP ports 137 and 138.
8- Back up your important files regularly.
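As an added example (this is not code from the original post or from Microsoft), the PowerShell script below performs steps 1, 5, 6 and 7 above on a single Windows host: it checks whether one of the MS17-010 hotfixes is installed, disables the SMBv1 server, and adds inbound firewall rules for the listed ports. It must run in an elevated prompt. The KB list is my own assumption and may be incomplete; later cumulative updates supersede these KBs, so treat a missing KB as a prompt to check Windows Update, not as proof of exposure. Blocking port 445 on a file server breaks its shares, so apply the rules to workstations and hosts that do not need to serve files.

```powershell
# Added example: audit and harden one host against the SMBv1 path used by
# WannaCry. Run from an elevated PowerShell prompt (Windows 7 and later).
# The KB numbers are an assumed list of MS17-010 updates and may be incomplete.

$Ms17010Kbs = @(
    'KB4012598',                            # XP / Vista / Server 2003 / Server 2008
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2
    'KB4012214', 'KB4012217',               # Windows Server 2012
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607
)

function Test-Ms17010Installed {
    # $true if any known MS17-010 KB appears in the installed hotfix list.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $Ms17010Kbs) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Get-Smb1State {
    # Windows 8 / 2012 and later expose the setting through the SMB cmdlets.
    # Windows 7 / 2008 R2 use the LanmanServer registry value; when the value
    # is absent SMBv1 is enabled (Microsoft KB2696547).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $val) { return $true }
    return [bool]$val.SMB1
}

function Disable-Smb1 {
    # Turn off the SMBv1 server. Windows 7 / 2008 R2 need a reboot afterwards.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
    }
}

function Block-SmbPorts {
    # Inbound block rules for the NetBIOS/SMB ports listed in the post.
    # Do not apply on hosts that must serve file shares.
    $rules = @(
        @{ Name = 'Block SMB TCP 139,445';     Proto = 'TCP'; Ports = '139,445' },
        @{ Name = 'Block NetBIOS TCP 137';     Proto = 'TCP'; Ports = '137'     },
        @{ Name = 'Block NetBIOS UDP 137,138'; Proto = 'UDP'; Ports = '137,138' }
    )
    foreach ($r in $rules) {
        if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Inbound `
                -Protocol $r.Proto -LocalPort ($r.Ports -split ',') `
                -Action Block | Out-Null
        } else {
            # Windows 7 has no NetSecurity module; fall back to netsh.
            netsh advfirewall firewall add rule "name=$($r.Name)" dir=in `
                action=block "protocol=$($r.Proto)" "localport=$($r.Ports)" | Out-Null
        }
    }
}

# Audit first, then harden.
$patched = Test-Ms17010Installed
$smb1    = Get-Smb1State
Write-Host "MS17-010 KB found : $patched"
Write-Host "SMBv1 enabled     : $smb1"

if (-not $patched) {
    Write-Warning 'No known MS17-010 KB found; install it or a later cumulative update.'
}
if ($smb1) {
    Disable-Smb1
    Write-Host 'SMBv1 server disabled (reboot may be required).'
}
Block-SmbPorts
Write-Host 'Inbound SMB/NetBIOS block rules added.'
```

The host firewall rules stop inbound exploitation of this machine; they do nothing for an infected host trying to reach the rest of the network, so the same ports should also be blocked at the perimeter and between network segments that have no reason to share files.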
Why take these steps after the Windows update?
What the anti-malware research community has established so far applies only to the first version of WannaCry. Although its kill switch has been triggered, the malware can still be modified by its authors, and it was still evolving at the time of writing. So we are dealing only with the visible front of the virus, while what happens on the back end is still a matter of speculation; all precautions must therefore be taken, especially on the networks of government, commercial and banking institutions, which depend primarily on their databases.
Here is a post on Microsoft's security recommendations and how you can take precautions to avoid having your computer's data encrypted by this virus.