WannaCry - 'A Catastrophe without Any Borders'
"Ransomware doesn't discriminate. Hackers aren't just after financial information anymore, it's personal."
On May 12, 2017, WannaCry Ransomware, a cyber attack took over the global Cyber Space, affecting over 2,00,000 organizations in 104 different countries. Who was behind this has not yet been traced but such attacks are usually propagated through countries with the soul purpose of making money by blackmailing.
As the name suggests, Ransomware is a kind of malware that prevents or limits the users from accessing their system, either by locking the system's screen or by encrypting the user's files until a ransom is paid. The ransom demanded by the cyber criminals is normally in the form of "Bitcoin, the online cryptocurrency". As this is untraceable, paying the hackers does not ensure that the system can be retrieved.
How WannaCry Attacked
WannaCry is a specific ransomware programme that affects the files on infected Windows System and spreads virus to attack and inject the malware by using the vulnerability in implementations of Server Message Block (SMB), the standard file sharing technology in Windows systems.
WannaCrypt or WannaCry encrypts a computer's hard disk drive and then spreads laterally between computers on the same LAN. Hence the Windows installed in un-updated PC's are at the greatest risks. Mostly businesses, health organizations, banks and all other organizations with a network of computers at use are at risks.
According to the Cisco 2017 Annual Cybersecurity Report, ransomware is growing at a yearly rate of 350%. In the last year alone, Symantec identified a 36 per cent spike in ransomware attacks.
Last year, the ransomware attack at Hollywood Presbyterian Hospital in Los Angeles led to the shutdown of its computer systems and a $17000 ransomware payout.
Ransoware Damage Cost
Global Ransomware damage costs are to exceed $5 billion in 2017, a dramatic increase from $325 million. Damages have risen 15 times in the past two years and are expected to worsen according to a report by Cyber Security Ventures. The report further mentions that the ransomware attacks on healthcare organizations will quadruple by 2020.
Disney CEO Bob Iger has adopted a different way and directly contacted the FBI to recover the latest Pirates of the Caribbean Sequel.
"The estimated damage caused by WannaCry in just the initial four days would exceed a billion dollars, considering the massive downtime caused for large organizations worldwide," said Stu Sjouwerman, Founder and CEO at KnowBe4.
"Ransomware is not only about "weaponizing' encryption, it's more about bridging the fractures in the mind with a weaponized message that demands a response from the victim," said James Scott, Senior Fellow, Institute for Critical Infrastructure Technology.
"Ransomware doesn't discriminate. Hackers aren't just after financial information anymore, it's personal. We've seen movies held captive, healthcare data, financial data. Data is being used as a weapon – full stop. We can't bend or break in this world of cyberwarfare – we need to be resilient. We have to be resilient with better defenses, better planning and better training for our employees." — Robert Herjavec, Founder and CEO of Herjavec Group, a leading global information security and advisory firm.
The following can protect your system against the ransomware and create peace in the cyber world:
Step 1: Operating system updates should be enabled. The updated software covers up the patches that can be exploited.
Microsoft recently released a patch for the SMB remote code execution vulnerability (CVE-2017-0148) that WannaCry had been exploiting. It is advisable to have these patches installed in your system.
Step 2: Upon installation, disable the Server Message Block Version 1 (SMBv1) protocol
Follow the step given below disable SMBv1:
- Go to Windows' Control Panel and open "Programs'.
- Open "Features' under Programs and click "Turn Windows Features on and off'.
- Now, scroll down to find "SMB 1.0/CIFS File Sharing Support' and uncheck it.
- Then click OK, close the control Panel and restart the computer.
Step 3: Keep your firewall enabled and modify your firewall configurations to block access to SMB ports over the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.
Step 4: Having a good antivirus system is recommended. Most antivirus providing software companies have the capability to detect and block WannaCry and can prevent secret installations from the malicious applications.
Step 5: Most ransomware spread through phishing emails, malicious adverts on websites, and third-party apps and programs. Unsolicited mails should not be opened, unidentified links whose source is not verified should not be clicked on and apps should not be downloaded from the third party sources.
Step 6: As the core game that ransomware operates on is encrypting valuable files and making it inaccessible, the best way to secure onself is to have a backup of the data. This backup should be protected and stored offline to prevent hackers from deleting it.
Step 7: Cloud services can help reduce the ransomware infection as they retain the previous versions of files, allowing to roll back to the unencrypted form.
Step 8: Performing pen tests and vulnerability assessment of networks can turn to be fruitful.
Step 9: Raising community awareness, implementing stronger security practices, educating young people, training employees can lead us to become a digital society resistant from attacks.
Step 10: Kill switch
Kill switch will not prevent unpatched systems in following scenarios:
a. If your firewall or antivirus blocks access to sinkhole domain.
b. If someone DOS sinkhole domain.
c. If your system requires proxy to connect to internet.
Step 11: Go for an offline Fix with WannaSmile.
Wannasmile offers a fix by disabling the SMB in the defected system, editing your host file and adding google's IP to the kill switch and by creating a lightweight local webserver and adding a localhost to the kill Switch.