
WannaCry ransomware hits over 200,000 Windows PCs using leaked NSA tools

Windows PCs running an outdated operating system with a critical vulnerability became the new target of the widespread, malicious WannaCry ransomware yesterday. As of today, more than 200,000 Windows users in 99 countries have been infected, and the number is still rising. Striking over the weekend, the ransomware has crippled many systems worldwide, including ATMs, train stations and even medical institutions, leaving patients for dead. Among the earliest and biggest institutions affected are National Health Service (NHS) England and Telefónica, a network provider, and the infection eventually spread to companies in Spain, Russia, Ukraine, Taiwan, and now Malaysia.

What is ransomware?

Encryption is an industry standard that IT companies and PC users rely on to keep files and confidential documents secure against unauthorized access. Cybercriminals have exploited this same technology: ransomware encrypts a user's files without permission and demands a ransom to decrypt them with the private key, so that the files become accessible again.

While some ransomware operators do decrypt files for victims who pay, in most cases not all files are decrypted despite the ransom being paid, leaving the victim helpless.

How does the WannaCry ransomware spread and work?

Because most victims, in most fields, have little awareness of how to protect themselves against such threats, it is easy for them to click on or download a malicious file from an email or an unknown website. The WannaCry ransomware spreads using a known vulnerability from leaked NSA exploits released last month. All files are encrypted with RSA-2048 encryption, and decryption is practically impossible without the private key held by the cybercriminals.

According to the security research company Malwarebytes, the ransomware spreads through the ETERNALBLUE SMB vulnerability. The malware tries to connect to a gibberish website and activates its mechanism when the connection fails. The ransomware then demands a ransom of $300 worth of bitcoin, transferred into an anonymous cryptocurrency account that is untraceable.

As a countermeasure, security researchers have registered the verification domain, which temporarily halts the spread of the WannaCry ransomware, but a new version without the “Kill Switch” technique has been reported. If your computer runs an unsupported or pirated version of Windows, your chances of getting infected will be far higher than you expect.

How do I protect myself against this ransomware?

Microsoft released an emergency security patch yesterday that fixes all the vulnerabilities currently exploited by the WannaCry ransomware, covering Windows 7 and some out-of-date Windows versions such as Windows XP and Vista. If you or your organization haven’t received the update yet, it is critical to apply the patch by clicking on this link right now!

In the meantime, it is strongly recommended that you disable SMBv1 on your PC to prevent it from being infected with the WannaCry ransomware. Here’s how you can disable it:

  1. Search for “Turn Windows features on or off” in the Windows search bar
  2. Find “SMB 1.0/CIFS File Sharing Support” and untick it
  3. Reboot your PC

Add-Remove Programs client method

 

Alternatively, you can run this command in PowerShell: “Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol”

Windows Powershell as Administrator
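
An added example, not from the original article or from Microsoft: a PowerShell script that reports whether SMBv1 is still enabled and, only when run with the hypothetical -Remediate switch, turns it off with the command above. It assumes an elevated session on a Windows version that ships the DISM and SmbShare cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 on this PC and optionally disable it.
# -Remediate is a hypothetical switch name chosen for this script; without it nothing is changed.
param([switch]$Remediate)

$report = [ordered]@{ Computer = $env:COMPUTERNAME; RestartNeeded = $false }

# 1. The optional feature that the GUI steps and the command above toggle.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$report.FeatureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

# 2. The SMB server setting, checked only if the SmbShare cmdlets exist on this system.
$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)
$report.ServerSMB1Enabled = if ($hasSmbCmdlets) {
    (Get-SmbServerConfiguration).EnableSMB1Protocol
} else { 'Unknown' }

if ($Remediate) {
    if ($report.FeatureState -in 'Enabled', 'EnablePending') {
        # -NoRestart defers the reboot so it can be scheduled; step 3 above still applies.
        $result = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
        $report.RestartNeeded = [bool]$result.RestartNeeded
        $report.FeatureState  = [string](Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
    }
    if ($hasSmbCmdlets -and $report.ServerSMB1Enabled -eq $true) {
        # Turn off SMBv1 on the file-sharing (server) side as well, then re-read the setting.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $report.ServerSMB1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
}

# Verdict: the PC is still exposed if either the feature or the server setting is on.
# A 'DisablePending' feature with RestartNeeded = True is only fully off after the reboot.
$report.SMB1StillOn = ($report.FeatureState -in 'Enabled', 'EnablePending') -or
                      ($report.ServerSMB1Enabled -eq $true)
[pscustomobject]$report
```

Run it once without the switch to see the current state, then again with -Remediate and reboot if RestartNeeded is True.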

 

Don’t click on any suspicious emails or visit unknown websites, and we hope you stay safe out there!

 
