WannaCry ransomware – The details

Ransomware called WannaCry has spread around the world like wildfire, infecting tens of thousands of PCs.

The ransomware is believed to be based on tools stolen from the US National Security Agency.

Avast said it had seen over 75,000 cases of the ransomware as of this weekend. It is reported that WannaCry, and variants of it, have hit organisations in 99 countries.

The details

The WannaCry ransomware – also known as WannaCrypt, WanaCrypt0r, WCrypt, and WCRY – has been detailed in a post on GitHub Gist.

It can affect all versions of Windows before Windows 10, unless they have been patched for MS17-010.

The ransom demand from the attack is between $300 and $600, and the post noted that there is code to “delete files” in the ransomware.

“The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder,” stated the post.

As discovered by a security researcher, the ransomware’s killswitch is the website “www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com”. If the website is up and running, the attack stops spreading.
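Because the ransomware has to resolve that hostname before it can reach the website, DNS query logs show which internal machines looked it up and are worth investigating. The sketch below is an added example, not code from the GitHub Gist post or from any vendor; the dnsmasq-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Kill-switch hostname exactly as given in the article.
KILLSWITCH = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Assumed log format (dnsmasq-style query lines); adapt the regex to your resolver.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?query\[(?P<qtype>\w+)\]\s"
    r"(?P<qname>\S+)\sfrom\s(?P<client>\S+)$"
)

def normalize(qname):
    """Lower-case and drop the trailing root dot so FQDN forms compare equal."""
    return qname.rstrip(".").lower()

def is_killswitch(qname):
    """Match the hostname with or without its leading 'www.' label."""
    name = normalize(qname)
    bare = KILLSWITCH[len("www."):]
    return name == KILLSWITCH or name == bare

def find_lookups(lines):
    """Return {client_ip: [timestamps]} for every kill-switch query seen."""
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m and is_killswitch(m.group("qname")):
            hits[m.group("client")].append(m.group("ts"))
    return dict(hits)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
May 13 09:14:02 dnsmasq[412]: query[A] www.microsoft.com from 10.0.0.5
May 13 09:14:07 dnsmasq[412]: query[A] www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.23
May 13 09:14:09 dnsmasq[412]: query[A] WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. from 10.0.0.23
May 13 09:15:30 dnsmasq[412]: query[AAAA] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.41
May 13 09:16:00 dnsmasq[412]: query[A] notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.77
May 13 09:16:05 dnsmasq[412]: reply www.microsoft.com is 203.0.113.10
""".splitlines()

if __name__ == "__main__":
    for client, stamps in sorted(find_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {len(stamps)} kill-switch lookup(s), first at {stamps[0]}")
```

A lookup is a lead rather than proof of infection, since researchers and scanners query the same name.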

Tens of thousands of PCs at large institutions and companies have been infected, including the NHS in the UK and FedEx, stated the post.

Warning from Wits

Wits University sent the following email to its students regarding the WannaCry ransomware:

Ransomware is a type of malicious software designed to block access to a computer system or data until a ransom is paid.

Users of all versions of the Microsoft Windows operating system are notified and need to take immediate measures to install the relevant security updates. Important information can be found from the Microsoft Security Bulletin MS17-010.

On the 12th of May 2017, a new strain of the Ransom.CryptXXX (WannaCry) strain of ransomware began spreading, impacting a large number of organisations in Europe, demanding a ransom of $300 to $600 in Bitcoin to be paid by the 15th of May 2017.

What needs to be done?

If you are already infected then there is not much you can do. You will have to format and reinstall your software from offline unaffected backups.

If you have not been infected, make sure your security patches are up to date by using the Windows Update Service. Do not open any emails or attachments from unknown sources.

If you would like more information, please go to the web link below from Microsoft TechNet. It also has security update web links for the relevant Microsoft Operating Systems: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
