Tuesday 16 May 2017

What is WannaCry Ransomware? Its Attack and Prevention

Meaning :-

Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table (MFT) or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.

Attack :-

On 12 May 2017, WannaCry began affecting computers worldwide. The initial infection might have been either through a vulnerability in the network defenses or a very well-crafted spear phishing attack. When executed, the malware first checks the "kill switch" domain name. If it is not found, then the ransomware encrypts the computer's data, then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet, and "laterally" to computers on the same network. As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days or $600 within seven days.
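The spreading behaviour described above (SMB connections to many hosts, both on the same network and at random Internet addresses) shows up in network flow records. The following added example, not part of the original post, flags that fan-out; the log format, the internal range 10.0.0.0/8, the 60-second window and the 5-host threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445  # TCP port SMB listens on
# Assumption: the site's internal address plan; adjust to your own ranges.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample flows (not real traffic): "epoch_seconds src dst dst_port"
SAMPLE_FLOWS = "\n".join(
    [f"{100 + i} 10.0.0.23 10.0.0.{40 + i} 445" for i in range(4)]        # same network
    + [f"{110 + i} 10.0.0.23 198.51.100.{7 + i} 445" for i in range(3)]   # Internet side
    + ["120 10.0.0.8 10.0.0.5 445", "900 10.0.0.8 10.0.0.5 445",           # normal file-server use
       "130 10.0.0.9 10.0.0.5 443", "truncated record"]
)

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def parse_smb_flows(text):
    """Group (timestamp, destination) pairs by source for flows to TCP 445."""
    by_src = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != str(SMB_PORT):
            continue  # malformed record or not SMB
        try:
            ts = float(parts[0])
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # unparsable timestamp or address
        by_src[str(src)].append((ts, dst))
    return by_src

def smb_fanout_alerts(text, window=60, threshold=5):
    """Flag sources that reach >= threshold distinct hosts on 445 within window seconds."""
    alerts = {}
    for src, events in parse_smb_flows(text).items():
        events.sort(key=lambda e: e[0])
        best, start = set(), 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            seen = {dst for _, dst in events[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        if len(best) >= threshold:
            internal = sum(1 for dst in best if is_internal(dst))
            alerts[src] = {"internal": internal, "external": len(best) - internal}
    return alerts

if __name__ == "__main__":
    print(smb_fanout_alerts(SAMPLE_FLOWS))
```

A workstation that repeatedly talks to one file server stays below the threshold, while a host reaching both internal and external addresses on port 445 in a short burst is reported with the split between the two.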

Organizations that lacked Microsoft's security patch to Windows were affected by the attack, although there is so far no evidence that any were specifically targeted by the ransomware developers. Initially, any organization still running the older Windows XP was at particularly high risk because no security patches had been released since April 2014 (with the exception of one emergency patch released in May 2014). However, after the outbreak, Microsoft released a security patch for Windows XP on 13 May 2017, the day after the attack launched.

According to Wired, affected systems will also have had the DoublePulsar backdoor installed; this will also need to be removed when systems are decrypted.

Ken Collins of Quartz wrote on 12 May that three or more hardcoded bitcoin addresses, or "wallets", are used to receive the payments of victims. As with all such wallets, their transactions and balances are publicly accessible even though the wallet owners remain unknown. To track the ransom payments in real time, a Twitterbot that watches each of the three wallets has been set up. As of 15 May 2017 at 7 PM, a total of 220 payments totaling $59,747.53 had been transferred.

How to defend against the ransomware

The vulnerability does not exist within Windows 10, the latest version of the software, but is present in all versions of Windows prior to that, dating back to Windows XP.
As a result of Microsoft’s first patch, users of Windows Vista, Windows 7, and Windows 8.1 can easily protect themselves against the main route of infection by running Windows Update on their systems. In fact, fully updated systems were largely protected from WanaCrypt0r even before Friday, with many of those infected having chosen to delay installing the security updates.
Users of Windows XP, Windows Server 2003 and Windows 8 can defend against the ransomware by downloading the new patch from Windows. All users can further protect themselves by being wary of malicious email attachments, another major way through which the ransomware was spread.

Phillip Misner, of Microsoft’s security response team, wrote: “We know that some of our customers are running versions of Windows that no longer receive mainstream support.

“That means those customers will not have received the … Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download.”

Source : Wikipedia
