What is WannaCry? How does WannaCry ransomware work?

WannaCry is a type of ransomware that infected the National Health Service (NHS) and other organisations across the globe, including government institutions in China, Russia, the US and most of Europe. India was among the countries worst affected by the WannaCry attack. NHS England was also the victim of a massive ransomware attack, resulting in some patients’ operations being cancelled.

The attack occurred after the USA’s National Security Agency discovered a vulnerability in Microsoft’s software, called EternalBlue. This exploit was leaked by a hacker group called the Shadow Brokers earlier this year, but the vulnerability was patched by Microsoft as soon as it happened. The problem comes from older versions of Windows or those without Windows Updates, as these were not patched by Microsoft and were left open to attacks. Russia and India were hit particularly hard because Microsoft’s Windows XP, one of the operating systems most at risk, was still widely used in these countries.

Before looking at WannaCry itself, let us first understand what ransomware is.

What is Ransomware?
Ransomware is malware that is stealthily installed on our PC or mobile device and holds our files or operating system functions for ransom. It restricts the user from using their device and from accessing their files, and demands that the victim pay a ransom within three days; if the user fails to do so, WannaCry will delete all of the encrypted files and all data will be lost.

What does a Ransomware attack look like?
Ransomware targets our pictures, documents, files, and data that are personally invaluable.
We can tell that we are under attack when we see any of the following:

  • Ransomware note
  • Encrypted files
  • Renamed files
  • Locked browser
  • Locked screen

What!?! There are several ransomware types?
Yes. Ransomware has taken different forms as it incorporates people’s computing habits and uses recent technologies. There are two types of ransomware:

  • Lockscreen ransomware shows a full-screen message that prevents us from accessing our PC or files. It says we have to pay money (a “ransom”) to get access to our PC again.
  • Encryption ransomware changes our files by encrypting them so we can’t use them. WannaCry is a type of encryption ransomware.

How does WannaCry work?
WannaCry works by encrypting data on a computer that has been infected. It then tells the user that their files have been locked and displays information on how much is to be paid and by when. Payment is taken through Bitcoin (a payment medium).

Is your computer vulnerable?
If you are running an older version of Windows that is no longer supported by Microsoft, you will be vulnerable to WannaCry, according to Microsoft’s blog. This includes Windows 8 and Windows XP, which the majority of NHS England trusts are using.
But if you are using Windows 10 or any of the other versions, such as Windows Vista, Windows 7 and Windows 8.1, you’ll be protected as long as your automatic updates are enabled.

When can a ransomware attack start?
Potential victims can fall into the ransomware trap if they are:

  • Browsing untrusted websites
  • Not careful about downloading or opening file attachments from spam emails, which are known to contain malicious code. Some possible attachments can be:
    • Executables (.ade, .adp, .ani, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .hlp, .ht, .hta, .inf, .ins, .isp, .job, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz, .msc, .msi, .msp, .mst, .pcd, .reg, .scr, .sct, .shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh, .exe, .pif, etc.)
    • Office files that support macros (.doc, .xls, .docm, .xlsm, .pptm, etc.)
  • Installing pirated software, outdated software programs or operating systems
  • Using a PC that is connected to an already infected network
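
As an added example (not part of the original article), the following sketch shows how a mail filter could flag attachments using the extension lists above; the function names and the sample message are constructed for illustration. Checking the final extension after normalising the name also catches double extensions such as invoice.pdf.EXE.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension lists copied from the article above.
EXECUTABLE_EXTS = set("""ade adp ani bas bat chm cmd com cpl crt hlp ht hta inf
ins isp job js jse lnk mda mdb mde mdz msc msi msp mst pcd reg scr sct shs url
vb vbe vbs wsc wsf wsh exe pif""".split())
MACRO_EXTS = {"doc", "xls", "docm", "xlsm", "pptm"}

def classify_attachment(filename):
    """Return 'executable', 'macro-capable' or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so "notes.js. " opens as notes.js.
    name = filename.strip().rstrip(". ").lower()
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[1]   # last extension wins: invoice.pdf.exe -> exe
    if ext in EXECUTABLE_EXTS:
        return "executable"
    if ext in MACRO_EXTS:
        return "macro-capable"
    return None

def risky_attachments(raw_message):
    """Parse a raw e-mail and return [(filename, category)] for risky attachments."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        category = classify_attachment(fname)
        if category:
            findings.append((fname, category))
    return findings

def build_sample():
    """Constructed sample message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.EXE", "report.xlsm", "photo.jpg"):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for fname, category in risky_attachments(build_sample()):
        print(f"{fname}: {category}")
```

Extension matching is only a first-pass filter, since it looks at the file name and not at the file's content.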

Prevention:

  • Keep your Windows Operating System and antivirus up-to-date.
  • Regularly back up your files to an external hard drive.
  • Enable file history or system protection. On your Windows 10 or Windows 8.1 devices, you must have your file history enabled and you have to set up a drive for file history.
  • Use OneDrive for Consumer or for Business.
  • Beware of phishing emails and spam, and avoid clicking malicious attachments.
  • Use Microsoft Edge to get SmartScreen protection. It will prevent you from browsing sites that are known to be hosting exploits, and protect you from socially-engineered attacks such as phishing and malware downloads.
  • Disable the loading of macros in your Office programs.
  • Disable your Remote Desktop feature whenever possible.
  • Use two-step authentication.
  • Use a safe and password-protected internet connection.

How big is the ransomware problem?
Ransomware is a global problem. The US, Italy, Russia, Korea, and Spain saw the most ransomware encounters in 2016.

After exploding in the past couple of years, ransomware encounters seem to have begun to decline. However, this trend is not a reflection of the email and exploit kit campaigns that try to install ransomware on computers. All in all, millions of computers still encountered ransomware in 2016.
In 2016, over 200 ransomware families were tracked. Over half of these families were discovered only in 2016, which means that cybercriminals are constantly releasing new ransomware in the wild.

Top ransomware:

  • Ransom:Win32/Cerber
  • Ransom:Win32/Locky
  • Ransom:Win32/Spora
  • Ransom:Win32/HydraCrypt
  • Ransom:Win32/Critroni
  • Ransom:Win32/Teerac
  • Ransom:Win32/Troldesh

This article is contributed by Aakash Pal.