Do you WannaCry?
-------
Over the last few days the world has seen the wrath of a well-coordinated ransomware attack known as ‘WannaCrypt’ or ‘WCry’. The attack affected over 150 countries, with India and China the worst hit among them. Within a couple of hours of the attack, a researcher named Marcus Hutchins, who goes by @MalwareTechBlog on Twitter, was credited with stopping it from spreading globally by accidentally triggering a ‘Kill Switch’ in the code.
By Sunday we thought the threat wave was over and assumed we could get back to being cool about it. However, Monday brought a new wave of fear with an even more rogue version of the ransomware called WannaCry 2.0, the one without a kill switch. The creators behind “WannaCry” quickly worked around this domain-based kill switch, altering their code to remove the somewhat bizarre error and restart their ransomware campaign.
Security researchers have discovered variants of the Windows malware that either don’t have a kill switch or ping a different domain than the one discovered by the researcher. Governments and experts are expecting a possible worsening of the ransomware cyber-attack this week, as many businesses’ computers might still be unpatched, leaving them vulnerable to attack.
For those who are not affected, we strongly recommend ensuring that systems are updated with the latest antivirus and anti-malware software, along with the patches released by Microsoft, at the earliest, in order to keep the ransomware attack at bay.
Microsoft had released a software patch (MS17-010) for the security holes on March 14, 2017. Those who applied critical Microsoft Windows patches released in March were protected against this attack, while those who did not are affected, according to the company. Hence, Microsoft has now not only encouraged users to download the fix they released for the vulnerability back in March but also created security patches for several now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.
Img 1: Map of Wannacry infections reported as of Monday, 15th May 2017
As of Monday, BlockChain reports the following statistics, showing the number of transactions and the resulting BitCoin balance for each of the three BitCoin addresses supplied within the malicious file. This translates to approximately $52,000 in revenue for the attackers.
Img 2: BitCoin Payments for WannaCry Ransom
How to defend against WannaCry?
Here are some ways to protect yourself from WannaCry Ransomware:
1. Take Backups Frequently
If your machine is attacked by WannaCry and your files are encrypted, regaining access to your data is difficult. If a backup of the data has been taken, it is easier to recover your work and reduce the damage caused.
2. Update and Patch OS
Most of us ignore the periodic updates that our OS offers, often thinking they are a waste of our precious time. This increases the risk of an attack like this one, which may wipe out all our important data and our precious time too.
3. Strong 360 Degree protection with IDS, Firewall and Antivirus
As a business owner it becomes extremely important to have an IDS, Firewall and an Antivirus installed. One should not take a chance of installing only a strong antivirus and ignoring the IDS and Firewall. You’ll need all three of them together to secure your business. When we speak about IDS, we mean a system that will be in charge of monitoring the behavior of a network to detect and report any unauthorized intrusions, which can affect the integrity of the network.
Additionally, Antivirus solutions will allow detection of malicious code. A good Antivirus solution must also detect when a file has some kind of malicious behavior to disallow execution, and thus prevent damage or theft of information.
Finally, a Firewall is a security tool that lets you control network traffic. Firewalls generally filter network traffic between the Internet and a particular device, and can operate in two different ways: allowing all network packets and blocking only those considered suspect; or denying all packets and allowing only those that are considered necessary.
4. Educate Team
Your team can act as your phalanx in defending against a ransomware attack. Educating them will help you minimize your losses if you are ever affected. Your team can also act as an additional vigilant layer, monitoring suspicious activity both internal and external.
5. Neutralize Immediately
In case you fall prey to a WannaCry attack, immediately disconnect the affected machine from the rest of the network. The malware reportedly spreads very quickly through the LAN. Run the clean-up procedures mentioned on the Windows website and report the incident to your local law enforcement agencies.
For India: Users can send an email to incident@cert-in.org.in or call on the toll-free number – 1800-11-4949 / +91-11-24368572.
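Step 5 depends on spotting the affected machine quickly. The following Python code is an added example, not part of the original article: it flags any host that contacts many distinct LAN peers within a short window, the pattern that fast LAN spread produces. The log format, the sample records, port 445 (SMB, the service MS17-010 patches), the 60-second window and the threshold of 5 are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                  # assumption: the SMB port, which MS17-010 patches
WINDOW = timedelta(seconds=60)  # assumption: sliding window length
THRESHOLD = 5                   # assumption: distinct LAN peers that trigger an alert

# Constructed sample flow log, one record per line: "timestamp src dst dst_port"
SAMPLE_FLOWS = "\n".join(
    # 10.0.0.23 reaches 8 different peers in 8 seconds (worm-like fan-out)
    [f"2017-05-15T09:00:{i:02d} 10.0.0.23 10.0.0.{i} 445" for i in range(1, 9)]
    # 10.0.0.40 talks repeatedly to one file server (normal)
    + [f"2017-05-15T09:01:{i:02d} 10.0.0.40 10.0.0.5 445" for i in range(10)]
    # 10.0.0.41 reaches 6 peers, but one per hour (slow, below threshold)
    + [f"2017-05-15T{9 + i:02d}:30:00 10.0.0.41 10.0.0.{50 + i} 445" for i in range(6)]
    + ["2017-05-15T09:02:00 10.0.0.40 192.0.2.10 443", "garbled line"]
)

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def hosts_to_isolate(text, port=SMB_PORT, window=WINDOW, threshold=THRESHOLD):
    """Map each source to the most distinct peers it contacted on `port`
    inside any one window, keeping only sources at or above `threshold`."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in parse_flows(text):
        if dport == port:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for host, peers in hosts_to_isolate(SAMPLE_FLOWS).items():
        print(f"isolate {host}: {peers} distinct peers on port {SMB_PORT} within {WINDOW}")
```

A host that talks repeatedly to one file server, or that reaches new peers only once an hour, stays below the threshold; tune the window and threshold to the normal traffic of your own network.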
Windows Update for latest patch, Get your AV up-to-date.