By Bradley Coulter / Cyber Security / 0 Comments

WannaCry Ransomware hits 99 Countries exploiting leaked NSA Tool

WannaCry Ransomware hits 99 Countries exploiting leaked NSA Tool

It has been an unanticipated day for millions of users across the globe as a massive ransomware targeted 99 countries, small and large companies including healthcare hospitals and telecom companies.

A relatively unusual kind of ransomware cyber-attack has taken the world by storm, causing calamities in National Health Service hospitals and businesses around the UK, and advancing to telecommunications in Spain, where it shambled the largest telecom company Telefonica, along with Telenor in Hungary.

What is WannaCry Ransomware?

It's a dangerous ransomware which encrypts each and every file and folder on your computer and makes them inaccessible to you. To decrypt the files and folders, WannaCry Hackers are demanding $300 worth of Bitcoins.

It's a ransomware which completely encrypts your data. To decrypt the data encrypted, WannaCry Hackers are demanding $300 value of Bitcoin.

Wanna Cryptor, WanaCrypt0r 2.0, WannaCry or Wcry has infected thousands of computers worldwide, causing millions of dollars of damage. Kaspersky Lab said more than 90 countries had been affected so far and there seems to be no stop to the ransomware.

The enormous malware that engulfed Europe, Asia and other parts of the world appears to be spreading at a faster rate than anticipated by security experts. Cyber security experts have long warned regarding a ransomware attack, and it appears that their worst fears have now taken full effect.

“The spread is immense,” says Adam Kujawa, the director of malware intelligence at Malwarebytes, which discovered the original version of WannaCry. “I’ve never seen anything before like this. This is nuts.”

Ransomware cyber-attacks dominated the cyber threat landscape in 2016, costing businesses more than $1 Billion worldwide. The ones most affected by this crime are small and medium sized businesses who pay the highest price as they don’t possess the means to obscure themselves against such a massive ransomware cyber-attack.

Should I be concerned if I am a victim?

There’s nothing you can do once you’re infected by the ransomware as it encrypts any and all files on your computer completely unless you meet the demands upon which the hackers will decrypt the data once they receive funds from you. But, if you have a backup of the files you should be able to restore them after cleaning the computer.

Related Read: How to Protect Yourself from Wanna Cry Ransomware?

What should you do if you're a business:

Businesses suffer a lot due to a ransomware attack. Your data such as financial reports, cash flows, user base, client details amongst numerous others gets lost. That very data can be sold to your competitors so they get an upper edge over you.

What should you do if you're an individual:

If you're an individual and your data in the folders has been encrypted, there's a high chance that your information such as pictures, videos, documents, financial statements, bank details, social account passwords amongst others are completely lost.

That very information can be used to blackmail you or be sold to the highest bidder. One should always be careful of the intricate details they save on their devices as you never know when they might get used against you.

Should I give money to Wana Decrypt0r 2.0 to decrypt my file?

Undeniably, the most simple, fast and reliable method to recover any files that have been encrypted by the Wana decrypt0r 2.0 ransomware is to restore them from any possible backup taken before the ransomware took place.

To answer the question whether you should pay, let’s be clear first: WannaCry hackers are criminals that you’re coming to face with, so there’s no guarantee as to what might fall through when you do make any payment. It just might be equal to simply throwing your hard-earned money away. Or it might work out in your favor where you do recover your files.

Only you can decide whether or not to pay criminals the ransom. We recommend, Don’t Do It. Making any payments to WannaCry ransomware only reassures their criminal enterprise’ agenda, and puts millions of people and businesses at risk of finding their files encrypted by the ransomware as WannaCry certainly won’t be catering to each payment received.

As an alternative, pick up from the harsh experience. Most importantly, start off by backing up your data so that this never has to happen to you ever again!

How Does WanaCrypt0r 2.0 work?

What’s sad is that the ransomware did not spread due to people clicking on bad links. Nonetheless, the only way to prevent this attack was to have your system updated with the latest update.

With the help of EternalBlue exploit, the malware installed the NSA backdoor payload called DoublePulsar, and through it went WannaCry, dispersing swiftly and automatically to other computers on the same network – hundreds at one single time.

The infectious WanaCrypt0r 2.0 malware is notable for multi-lingual ransom demands which support more than two-dozen languages. That begs the question, how does one protect themselves against this ransomware?

What actually went down?

Here’s what happened: Attackers installed a virus targeting Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren’t updated after March 14th, 2017 with the MS17-010 patch were affected; this patch resolved an exploit known as EternalBlue, once a closely guarded secret of the National Security Agent, which was leaked last month by Shadow Brokers.

Is NSA tied into this attack?

The incredibly dangerous new kind of self-replicating ransomware is known to be a National Security Agency exploit that was publicly released last month by the shadowy group calling themselves Shadow Brokers.

Analysis of the WannaCry Ransomware attack

Currently, at least 50,000 attacks of the WannaCry ransomware have taken in 90+ countries around the world, especially in Russia, Spain, and the UK.

WannaCry Ransomware

The following is the message that appears when your files have been encrypted by Wana Decrypt0r 2.0.

WannaCry Ransomware

In terms of targeted files, the ransomware encrypts files with the following extensions:

.der, .pfx, .key, .crt, .csr, .p12, .pem, .odt, .ott, .sxw, .stw, .uot, .3ds, .max, .3dm, .ods, .ots, .sxc, .stc, .dif, .slk, .wb2, .odp, .otp, .sxd, .std, .uop, .odg, .otg, .sxm, .mml, .lay, .lay6, .asc, .sqlite3, .sqlitedb, .sql, .accdb, .mdb, .dbf, .odb, .frm, .myd, .myi, .ibd, .mdf, .ldf, .sln, .suo, .cpp, .pas, .asm, .cmd, .bat, .ps1, .vbs, .dip, .dch, .sch, .brd, .jsp, .php, .asp, .java, .jar, .class, .mp3, .wav, .swf, .fla, .wmv, .mpg, .vob, .mpeg, .asf, .avi, .mov, .mp4, .3gp, .mkv, .3g2, .flv, .wma, .mid, .m3u, .m4u, .djvu, .svg, .psd, .nef, .tiff, .tif, .cgm, .raw, .gif, .png, .bmp, .jpg, .jpeg, .vcd, .iso, .backup, .zip, .rar, .tgz, .tar, .bak, .tbk, .bz2, .PAQ, .ARC, .aes, .gpg, .vmx, .vmdk, .vdi, .sldm, .sldx, .sti, .sxi, .602, .hwp, .snt, .onetoc2, .dwg, .pdf, .wk1, .wks, .123, .rtf, .csv, .txt, .vsdx, .vsd, .edb, .eml, .msg, .ost, .pst, .potm, .potx, .ppam, .ppsx, .ppsm, .pps, .pot, .pptm, .pptx, .ppt, .xltm, .xltx, .xlc, .xlm, .xlt, .xlw, .xlsb, .xlsm, .xlsx, .xls, .dotx, .dotm, .dot, .docm, .docb, .docx, .doc

The file extensions that the malware is targeting contain certain clusters of formats including:

  1. Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
  2. Less common and nation-specific office formats (.sxw, .odt, .hwp).
  3. Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)
  4. Emails and email databases (.eml, .msg, .ost, .pst, .edb).
  5. Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
  6. Developers’ sourcecode and project files (.php, .java, .cpp, .pas, .asm).
  7. Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
  8. Graphic designers, artists and photographers files (.vsd, .odg, .raw, .nef, .svg, .psd).
  9. Virtual machine files (.vmx, .vmdk, .vdi).

How long will WannaCry attack last?

Typically, ransomware often has a short life. However, in the case of WannaCry ransomware, nothing can be certain as it keeps on spreading unless you update your system. Moreover, as anti-viruses and VPN understand new versions of the malware, they can prevent infections from initiating and dispersing to various parts of the world.