Wanna Cry: All we know about ransomware cyberattack

The Wanna Cry ransomware is a type of computer malware that installs silently on devices and, once put into action, encrypts all data to block access. Reversing the encryption requires a password, for which money is demanded. It is customary to infect the victim through spam mails and malicious attachments.

The virus causes the following message to pop up on the screen: “Ooops, your important files are encrypted” and demands a ransom of 300 dollars in bitcoins (digital currency) to release them. The message includes instructions on how to make the payment and a countdown timer. If payment is not made within the established period, the data will be blocked forever.

It is important to note that an exploit for this vulnerability obtains remote access with System privileges, which means that the attacker gains elevated privileges on the system. As a result, the ransomware has total control of a system in a network and may spread through it to all vulnerable Windows systems that are not up to date with the patch mentioned in this article.

The size of the ransomware file is 3.4 MB (3514368 bytes).

How it behaves: From the command line, shadow copies (snapshot backups) are deleted from the hard disk volumes. The ransomware is written to a folder of random characters in the ProgramData folder with the file name “tasksche.exe”, or to the folder C:\Windows\ with the file names “mssecsvc.exe” and “tasksche.exe”.

Some examples:

  • C:\ProgramData\lygekvkj256\tasksche.exe
  • C:\ProgramData\pepauehfflzjjtl340\tasksche.exe
  • C:\ProgramData\utehtftufqpkr106\tasksche.exe
  • C:\programdata\yeznwdibwunjq522\tasksche.exe
  • C:\ProgramData\Uvlozcijuhd698\tasksche.exe
  • C:\ProgramData\pjnkzipwuf715\tasksche.exe
  • C:\ProgramData\qjrtialad472\tasksche.exe
  • C:\programdata\cpmliyxlejnh908\tasksche.exe

The ransomware grants full access to all files using the command: icacls . /grant Everyone:F /T /C /Q
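The indicators described above can be turned into a simple check over process-creation events. The following Python sketch is an added example, not code from the original article: the folder-name pattern (8 to 15 letters followed by 3 digits) is generalized from the eight sample paths listed above, the icacls principal is assumed to be `Everyone`, and the sample events are constructed.

```python
import re
from pathlib import PureWindowsPath

# Folder names in the article's samples: letters followed by three digits.
# The 8-15 length bound is an assumption generalized from those samples.
RANDOM_DIR = re.compile(r"[a-z]{8,15}\d{3}", re.IGNORECASE)
# The permission change described in the article ("Everyone" is assumed).
ICACLS = re.compile(r"\bicacls(\.exe)?\s+\.\s+/grant\s+Everyone:F\b", re.IGNORECASE)


def classify(image_path, command_line=""):
    """Return the article's indicators matched by one process event."""
    hits = []
    path = PureWindowsPath(image_path)
    name = path.name.lower()
    parent = [part.lower() for part in path.parent.parts]  # e.g. ['c:\\', 'programdata', 'x']
    if (name == "tasksche.exe" and len(parent) == 3
            and parent[1] == "programdata" and RANDOM_DIR.fullmatch(parent[2])):
        hits.append("tasksche.exe in random ProgramData folder")
    if name in ("mssecsvc.exe", "tasksche.exe") and parent[1:] == ["windows"]:
        hits.append(f"{name} directly in Windows folder")
    if ICACLS.search(command_line):
        hits.append("icacls grants Everyone full access recursively")
    return hits


# Constructed sample events (image path, command line), not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\ProgramData\lygekvkj256\tasksche.exe", "tasksche.exe"),
    (r"C:\Windows\mssecsvc.exe", r"C:\Windows\mssecsvc.exe"),
    (r"C:\Windows\System32\icacls.exe", "icacls . /grant Everyone:F /T /C /Q"),
    (r"C:\ProgramData\Vendor\tasksche.exe", ""),                        # no digits: ignored
    (r"C:\Windows\System32\icacls.exe", r"icacls D:\share /grant Users:R"),  # benign use
]


def scan(events):
    """Return (image_path, indicators) for every event with at least one hit."""
    return [(img, hits) for img, cmd in events if (hits := classify(img, cmd))]


if __name__ == "__main__":
    for img, hits in scan(SAMPLE_EVENTS):
        print(img, "->", "; ".join(hits))
```

File names and folder patterns like these are easy for new variants to change, so a match is a reason to isolate and investigate a machine, while the absence of a match proves nothing.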

Download Antivirus for Wanna Cry – ransomware

As mentioned above, it is recommended to update the system with the MS17-010 update: Security Update for Microsoft Windows SMB Server, March 14, 2017.

To download the localized Wanna Cry ransomware updates for Windows Server, Windows XP and Windows 8, visit:

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

New variants of ransomware appear regularly. Always keep your security software, i.e. your antivirus, up to date to protect against them.

Keep your operating system and other software up to date. Software updates will often include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.

Email is one of the main infection methods for ransomware. Beware of unexpected or unsolicited emails, especially if they contain links and/or attachments.

Be very careful with any Microsoft Office e-mail attachments that advise you to enable macros to view their contents. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable the macros and, instead, immediately delete the email.

Backing up important data is the most effective way to combat ransomware infection. Attackers gain leverage over their victims by encrypting valuable files and rendering them inaccessible. If the victims have backups, they can restore their files once the infection has been cleared. However, organizations must ensure that backups are properly protected or stored offline so that attackers cannot delete them.

Using cloud services could help mitigate ransomware infection, as many retain previous versions of files, allowing you to “roll back” to the unencrypted form.

What if I am infected?

The first recommendation is NOT to pay: since we are “negotiating” with cyber criminals, nothing and nobody guarantees that they will give us the key or that we will be able to decrypt the files. In addition, we would be promoting cyber crime and the creation of such threats.

Second, it is advisable to isolate the affected machines from the network (if they are on one), to apply the patches mentioned above, and to keep backup copies of the encrypted files, since it is only a question of time (short or long) before some solution to decrypt them is released.

About Windows Tips
