The Wana Decrypt0r ransomware, also known as WCry, WannaCry, and WannaCrypt, is malware that has spread around the world and infected hundreds of thousands of computers in 99 countries.
This malware was already known, but it was not so widespread. Over the weekend it broke out and infected many computers, including those of health institutions in the UK, leaving their systems unable to function properly.
The malware does not discriminate: it attacks everything from home users' computers to the Russian Ministry of Internal Affairs. The ministry, however, protected itself in time, so "only" 1,000 of its computers were infected, less than one percent of the computers it uses.
WannaCry spread so rapidly thanks to a tool created by the National Security Agency (NSA) that was released last month by the hacker group Shadow Brokers. The tool gains access to a computer through the SMBv1 protocol.
The malware first downloads a Tor client and places it in the TaskData folder; it then communicates with its command-and-control server over Tor. Next, it encrypts the files on the computer, appends the .WNCRY extension to them and, in each encrypted folder, creates the file @Please_Read_Me@.txt, which contains questions and answers, and the file @WanaDecryptor@.exe.
WannaCry then deletes the Shadow Volume Copies, disables Windows startup recovery and clears the Windows Server backup history. Finally, the Wana Decrypt0r 2.0 window is displayed with instructions on how to pay the ransom. The victim is promised that the files will be returned if they pay $300 in bitcoin; if the payment is not made on time, the amount increases.
How to protect yourself?
Because of the way WannaCry is spreading, Microsoft has released patches for older versions of Windows, including Windows XP, Windows 8, and Windows Server 2003. A month ago, Microsoft released an update (MS17-010) for current versions of Windows, i.e. Windows Vista, Windows 7, Windows 8.1, Windows 10, and Windows Server 2008/2012/2016.
If you are using an older version of Windows and you are not sure whether you have received the security update for this vulnerability, you can download and install it manually from THIS link.
To disable SMBv1 manually:
- Control Panel \ Programs \ Programs and Features
- Turn Windows features on or off
- Untick "SMB 1.0" in the list
- Save and restart your computer
To check whether SMBv1 is disabled, open PowerShell as an administrator (Win + R > powershell > Enter; the command below is a PowerShell cmdlet and will not run in plain CMD), paste this command and press Enter:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
The first value should be "False" and the second "True", meaning that SMBv1 is disabled and SMBv2 is enabled. If SMBv2 is not enabled, run this command:
Set-SmbServerConfiguration -EnableSMB2Protocol $true
More detailed instructions are available on the Microsoft site (link).
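The manual steps above, as an added example script that is not part of the original article: it audits the SMB1/SMB2 state on the local host and, only when run with -Remediate, turns SMB1 off on both the server side and the optional-feature (client driver) side while keeping SMB2 enabled. It assumes an elevated PowerShell prompt on Windows 8 / Server 2012 or later, where the SmbShare and DISM cmdlets used here are available.

```powershell
# Added example (not from the original article): audit and, with -Remediate,
# disable SMBv1 on the local Windows host while making sure SMBv2 stays on.
# Run from an elevated PowerShell prompt; supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate   # without this switch the script only reports
)

$cfg = Get-SmbServerConfiguration
Write-Host ("SMB1 enabled (server): {0}" -f $cfg.EnableSMB1Protocol)
Write-Host ("SMB2 enabled (server): {0}" -f $cfg.EnableSMB2Protocol)

# The optional feature covers the SMB1 client driver as well, not only the server role.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature) { Write-Host ("SMB1 optional feature: {0}" -f $feature.State) }

if (-not $Remediate) {
    Write-Host "Audit only. Re-run with -Remediate to apply changes."
    return
}

# 1. Turn SMB1 off in the server service; keep SMB2/3 on so shares keep working.
if ($cfg.EnableSMB1Protocol -and $PSCmdlet.ShouldProcess("LanmanServer", "Disable SMB1")) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
if (-not $cfg.EnableSMB2Protocol -and $PSCmdlet.ShouldProcess("LanmanServer", "Enable SMB2")) {
    Set-SmbServerConfiguration -EnableSMB2Protocol $true -Force
}

# 2. Remove the SMB1 optional feature (client driver included); this needs a reboot.
if ($feature -and $feature.State -eq "Enabled" -and $PSCmdlet.ShouldProcess("SMB1Protocol", "Disable feature")) {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# 3. Verify the server-side result so a half-applied change does not go unnoticed.
$after = Get-SmbServerConfiguration
if ($after.EnableSMB1Protocol) { Write-Warning "SMB1 is still enabled on the server side." }
elseif (-not $after.EnableSMB2Protocol) { Write-Warning "SMB2 is disabled; shares will be unreachable." }
else { Write-Host "OK: SMB1 off, SMB2 on. Reboot to complete the feature removal." }
```

On Windows 7 / Server 2008 R2 the optional feature does not exist and the SMB1 driver has to be disabled through the registry and service dependencies as described on the Microsoft page linked above; the server-side Set-SmbServerConfiguration step still applies there.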
WannaCry is currently being held back by a researcher who goes by MalwareTech online. How? He analysed the malware and found an interesting domain, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, which he registered for ten dollars, and that stopped the malware.
The way this "kill switch" works is simple: every time WannaCry starts, it checks whether the domain is registered; if it is not, it continues to run. When MalwareTech registered the domain, the malware stopped spreading, which permanently halted this version. He warns, however, that this only stops that version: the attackers need only change a small piece of code and release the malware again.
Therefore, the best protection is to update your system regularly and use an up-to-date antivirus. Avast says that its antivirus has a "software behaviour" protection module that can detect this malware in time, and that the module is available in all versions, including the free one.
You can view the current map of infected computers at this link: