The ransomware attack that began on Friday, and is still ongoing, has exposed Windows operating systems worldwide to this crypto locker. Before it reaches your system, here is what you need to know about it.
Ransomware is malware that infects a computer system and encrypts every data file it finds on it. This particular type of malware exists to extract a ransom in return for decrypting the files on the system. The current “WannaCry” ransomware, which has affected more than 150 countries across the world, including the National Health Security in Britain, is said to be the biggest attack so far. Originally aimed at home users, this malware has over the past few years started targeting businesses, from which the attackers can extract more money.
How does this malware work?
The ransomware is delivered through compromised websites and emails. An email from an unidentified source urges the reader to click on a link that downloads the malware to the computer. The malware then locks the user out of the data files, exploits weaknesses in the system, and encrypts every data file it finds. It presents a pop-up asking for $300 in bitcoins. If the ransom is not paid within 3 days, it rises to $600, and the malware threatens to delete all the data on the computer. Once loaded on the system, it is practically impossible to remove.
Who is vulnerable to the attack?
Anyone using an operating system below Windows 10, e.g. Windows 8, 7 or Vista, is vulnerable to the attack.
How to prevent the attack on your system?
Prevention is better than cure. Here are some easy steps to ensure your computer system stays clear of such malware.
- Apply the software patch:
A Windows patch was quickly released for all the Windows versions that are vulnerable to the attack. Make sure you apply the patch on your system so that the malware cannot encrypt your files even if it is downloaded onto the system. Also enable automatic updates in case you forget to update your software, as vendors release security updates regularly. This practice helps prevent any malware from threatening your system.
- Back up your data:
The biggest thing that keeps you from becoming a victim of the attack is not giving the attackers any leverage at all. Back up your data regularly and at short intervals, and take a fresh backup whenever you change a document. You can do this by uploading your data to the cloud or copying it to an external USB drive. Note that the malware also encrypts data on any external USB drive connected to the system, so keep external drives disconnected when you are not taking a backup.
- Show hidden file extensions:
The virus hides in files with double extensions such as ‘.PDF.EXE’. Because Windows hides known file extensions by default, such a file appears as a harmless document and can be hard to spot. Get hold of a list of such extensions and make sure you do not click on any such attachment. These attachments arrive from unidentified senders or websites. Use security firewalls that can identify such suspicious sites for you. You can easily avoid an attack by not visiting untrusted sites and deleting mail from senders you do not recognize. If you cannot see file extensions, enable the feature in your system or browser.
- Filter your EXEs:
If your mail gateway has a filtering system, enable a filter that catches all attachments with an unknown file extension or with two extensions. Route all such emails to the trash before they pose a threat to the system.
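As an added example (not code from the original article), the following Python snippet shows the two checks the last two steps rely on: what Windows Explorer would display for a name like invoice.PDF.EXE when extensions are hidden, and a gateway-style rule that flags attachments whose real extension is executable. The extension lists and the three verdicts are assumptions for illustration.

```python
import os

# Assumed list of extensions Windows runs as a program on double-click (not from the article).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".wsf"}

# Assumed list of "document-looking" extensions used as a decoy in front of the real one.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".zip"}


def displayed_name(filename: str) -> str:
    """Name as Explorer shows it with 'Hide extensions for known file types' on.

    Only the final extension is hidden, so 'invoice.pdf.exe' is shown as 'invoice.pdf'.
    """
    stem, _final_ext = os.path.splitext(filename)
    return stem


def classify_attachment(filename: str) -> str:
    """Return 'block', 'review' or 'allow' for an attachment name seen at the mail gateway."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTENSIONS:
        return "allow"
    # The real extension is executable: check for a decoy document extension right before it.
    _inner_stem, inner_ext = os.path.splitext(stem)
    if inner_ext.lower() in DOCUMENT_EXTENSIONS:
        return "block"   # e.g. invoice.PDF.EXE: the classic double-extension disguise
    return "review"      # a plain executable attachment: quarantine for a human to look at


def filter_attachments(filenames):
    """Group a mail's attachment names by verdict, ready for logging or routing to trash."""
    verdicts = {"allow": [], "review": [], "block": []}
    for name in filenames:
        verdicts[classify_attachment(name)].append(name)
    return verdicts


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from a real mail.
    sample = ["report.pdf", "invoice.PDF.EXE", "setup.exe", "photo.jpg.scr"]
    for name in sample:
        print(f"{name:18} shown as {displayed_name(name):14} -> {classify_attachment(name)}")
```

A filename check is only a first screen; a gateway should also inspect the attachment's actual content type, since the name alone can be chosen freely by the sender.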
- Use the Cryptolocker prevention kit:
This is a kit made by Third Tier that automates the creation of a Group Policy that blocks programs from running out of the AppData and Local AppData folders, and also blocks executables from running out of the temporary directories used by various unzipping utilities.
- Disable RDP:
The cryptolocker targets Remote Desktop Protocol (RDP), a Windows feature that lets others access your computer remotely. Unless it is absolutely needed, disable the feature to avoid a malware attack.
What if I suspect the malware is present on my system?
If you come across a file that you suspect is ransomware, here are the steps you can take to make sure it does not affect all of your systems.
- If you find a suspicious file, unplug from the network or disable Wi-Fi immediately. If it really is the malware, it won’t be able to encrypt all your files and will stop before completing the encryption and presenting the pop-up.
- If the malware threatens your systems and you have System Restore enabled, there is a good chance you can start from a clean slate. However, newer versions of cryptolocker have made this difficult, as they identify the shadow copies on your system.
- You can be certain your system is under attack when the pop-up states the payment deadline. Since nothing can remove it at that point, you can set the system clock back so that your 72 hours do not run out. This is only a delaying tactic and does not remove the malware from your system.
Another way to deal with an affected system is to contact your system vendor’s customer support, as they may have the latest guidance on how to tackle the malware.
We strictly advise against paying the ransom unless the encrypted data is absolutely necessary. It has also been observed that, in cases where the ransom was paid, the data was not recovered because the decryption code did not run properly. This means the decryption code is flawed and the files can be lost anyway. It is better not to encourage criminal activity in such a case.