WannaCry Cyber Attack – The Aftermath

Unprecedented Cyber Attack has left many businesses and public organizations reeling.

Four days of panic, following one of the worst Cyber Attack in recent history, triggered many businesses and institutions to have their IT staff work round the clock. Although the worst seems to have passed, we are still skeptical. Read on to know more about the Ransomware attack and ways to prevent it.

WannaCry Ransomware:

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. This software encrypts all files on the system and prevents users from accessing it. It then demands money to be sent to a specific account in a particular currency. Perpetrators claim to provide a decryption code once they receive money.

WannaCry aka WannaCrypt, WannaCryptor is a variant of Ransom.Wannacry worm. It spreads by exploiting a vulnerability in the Windows operating system. Once installed, it encrypts files and demands a payment to decrypt them.

Most, if not all, affected computers had very old Operating Systems, without necessary security patches installed. NHS in UK were using Windows XP, a 15 year old operating system. Where the support from Microsoft has ended a long while back. First strain of WannaCry was identified in Jan 2017 and was patched by Microsoft in March, 2017 security bulletin.

Organizations which failed to install the patch were vulnerable to attack. WannaCry Ransomware is network aware and spreads through the corporate network, this made it worst. Once a PC within the network is infected, it infects rest of the PCs pretty quickly.

How do I prevent being infected?

This is quite easy;

1. Keep your operating system patched. Generally, Windows Operating system automatically installs updates, don’t disable it.
2. Refer to “How to configure and use automatic updates in Windows“
3. For Windows XP or older version Windows PCs, automatic updates are not available. Pl use below link to download and install the patch immediately.
4. Refer to “Customer Guidance for WannaCrypt Attack“

What if I am infected?

Don’t panic and go through below suggestions.

1. First, disconnect your PC from the network.
2. Don’t pay ransom money.
3. See if you have backed up your important files,
4. if yes, you are in luck.
   1. Start rebuilding your computer by resetting the PC to factory default.
   2. Install Anti-malware / virus application.
   3. Install other Apps
   4. Restore data from backup.
5. If no, unfortunately there is no recovery method.
6. Singapore users should contact “SingCERT” for further help.

Who is Responsible?

While global man-hunt is going on, there are no clear suspects. A tweet from Neel Mehta, a Google Security Researcher, highlights code resemblance in attacks by Lazarus Group. The group has been blamed for the Sony Pictures hack of 2014 and for stealing millions of dollars from a Bangladeshi bank in 2016. The Lazarus hackers have been linked to North Korea, raising suspicions that the nation could be responsible for the attack.
 

At the time of this report, Cyber Attack has affected more than 300,000 PCs. Keep your data safe by updating your computer and installing critical patches regularly.