WannaCry: How To Defend Against The Ransomware Attack

Microsoft patches Windows XP and Server 2003 due to WannaCrypt attacks

The massive cyberattack ricocheting around the globe has reignited a debate: When should spy agencies disclose security vulnerabilities in companies' software?

Experts fear Monday will be worse for the WannaCry ransomware attack, given that more employees will log in to their work computers and could find they have been affected.

Enable the "Show file extensions" option in the Windows settings on your computer.

In each case, a pop-up window demanded payments of $300, or about 2,000 yuan, in order to free the files. That's why it's called ransomware.

It turns out that WannaCry penetrates Windows systems through weaknesses in the software's Server Message Block (SMB) protocol.

The story got much more infuriating when experts figured out that the computer worm was a slightly modified version of an exploit built by the NSA - one stolen by the "Shadow Brokers" and leaked over the internet.

A mysterious, Russian-linked group called TheShadowBrokers last month claimed to have stolen the hacking tool, which may then have been acquired by another cyber gang and unleashed in Friday's onslaught.

FedEx: The company said it was "experiencing interference with some of our Windows-based systems caused by malware" and was trying to fix the problems as quickly as possible. Playing with fire finally caught up with the victims.

The attack, already believed to be the biggest online extortion scheme ever recorded, is an "escalating threat" after hitting 200,000 victims across the world since Friday, according to the head of Europol, Europe's policing agency.

Microsoft says governments should stop 'hoarding' security vulnerabilities after WannaCry attack

The security flaw that hackers used to launch the attacks Friday was made public after information was stolen from the U.S. National Security Agency, which routinely searches for flaws in software and builds tools to exploit them.

In the United Kingdom, hospitals were crippled by the cyberattack, which forced operations to be canceled and ambulances to be diverted.

The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March.

India is at increasing risk of falling prey to ransomware, the malware that has been ravaging computer systems worldwide. If you don't want to install the update for your PC, cybersecurity company Kaspersky Lab has a step-by-step guide to secure your computer. He said the software attacking a vulnerability had been incorporated with other software and delivered in a way to cause "infection, encryption and locking".

Edward Snowden, the whistleblower who exposed the broad scope of NSA surveillance in 2013, tweeted, "If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened".

The 22-year-old researcher known as "MalwareTech", who wanted to remain anonymous, said he spotted a hidden web address in the "WannaCry" code and made it official by registering its domain name. It gives incentives to hackers and pays for future attacks. Experts say it will be hard for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe.

The hackers behind WannaCry took things a step further by creating a ransomware worm, allowing them to demand ransom payments not just from individuals but from entire organizations - maybe even thousands of organizations.

The full extent of the attack won't become clear until Monday, when millions of workers return to the office for the first time after the attacks.

Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services also were affected, China's Xinhua News Agency said, citing the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company.

"It is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks", said the U.K.'s National Cyber Security Centre in a statement Sunday.


