All You Need To Know About WannaCry Ransomware Cyber Attack

What Is WannaCry, Who Is Affected, and Everything Else You Need to Know About It
Key things to know about the WannaCry Ransomware Cyber Attack and operational steps to take to guard your network and devices.

I’m sure, you’ve read online or heard the news about the WannaCry Ransomware attack last weekend that hit organizations in more than 100 countries within 48 hours.

What is WCRY (WannaCry) Ransomware?

WCRY (WannaCry) Ransomware also known as WanaCrypt0r 2.0, WannaCry and WCry is a ransomware program targeting Microsoft’s Windows operating system.

A ransomware is a kind of cyber-attack where hackers can take control of your computer, and keep you from using it or accessing your data until you make a payment to the hackers. If you don’t, they can even delete everything.

Over 200,000 systems around the world were affected by the Wanna Cry attack, a tracker developed by a security researcher called ‘MalwareTech’ showed. Czech Republic-based antivirus provider Avast, however, gave a more conservative estimate of around 126,000 systems being affected, news agency Reuters reported.

What does WannaCry do?

RansomWare like WannaCry works by encrypting most or even all of the files on a user’s computer. Then, the software demands that a ransom be paid in order to have the files decrypted.

In the case of WannaCry specifically, the software demands that the victim pays a ransom of $300 in bitcoins at the time of infection.cIf the user doesn’t pay the ransom without three days, the amount doubles to $600. After seven days without payment, WannaCry will delete all of the encrypted files and all data will be lost.

The British National Health Services, FedEx, Telefonica, Nissan, Renault and others were among the highest organizations to be hit attacked by the WannaCry worms.

 

Screenshot of the ransom note left on an infected system

 

How was WannaCry developed?

The hackers of the WannaCry worm developed it using a piece of NSA code released last month by a hacking group known as the Shadow Brokers, according to security researchers. The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency.

African Countries Affected by WannaCry:

According to a report by the BBC which shows countries hit the ransomware in the early hours of the attack; Nigeria, Niger, Angola, South Africa, Mozambique, Tanzania, Kenya, Egypt and Morocco were the only African countries initially affected by the cyber-attack. See below map for more.

Countries initially affected by WannaCry ransomware attack. Credit: Wikipedia.

[Tweet “Nine African countries hit by WannaCry Ransomware cyber attack. “]

How can you protect yourself from WannaCry Ransomware Attack?

Regardless of which operating system you run, you should install any and all available security updates immediately for your computers. Specifically, Windows users with machines that run Windows XP, Windows 8, or Windows Server 2003 should immediately install this security update released on Friday by Microsoft.

Below are some practices that one can take to prevent future cyber attacks:

  • Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments. Don’t open any email attachment with *”tasksche.exe”* file.
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
  • Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up.
  • Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to roll back to the unencrypted form.

In case your system is affected by the WannaCry Ransomware attack, Bleeping Computer has a WannaCry decryption guide on its site here. Take a look and follow the steps to clean your systems.

You can also track the geographical distribution of malware infection and time-series graphs of online and new bots via this MalwareTech botnet tracker and the WCryPT Tracker.

 

Categories
AfricaCloud ComputingCyber SecurityInternetOnline ActivismSouth AfricaTanzaniaTechnology

Award winning Ghanaian Technology and Startup Enthusiast. Passionate about the inter-correlation of technology, entrepreneurship and innovation within the African tech ecosystem. Tweet: @MacJordan Got news, products or services to promote on the blog, reach out via hello[at]macjordangh[dot]com or (+233) 544335582

RELATED BY