How to Prevent Your Computer from Getting Hacked by WannaCry Ransomware


    What is WannaCry Ransomware?

    WannaCry ransomware is an ongoing cyber threat/attack targeting Microsoft systems. The first attack was on Friday, 12th May 2017, and it infected more than 70,000 computers in an hour.

    The virus affected 150 countries. It first infected hospitals in England, a telecom company in Spain, FedEx offices in the UK and the Russian interior ministry.

    How Did WannaCry Ransomware Start to Spread?

    Most of the time, malware or a virus is spread through spam or unknown emails that contain URLs or come with attachments, but this malware was initially spread in a different way.

    Here is what actually happened: unknown attackers first deployed the virus on Microsoft servers running the file sharing protocol Server Message Block (SMB). The servers that were not updated after March 14 with the MS17-010 patch were the ones affected. “This patch resolved an exploit known as EternalBlue, once a closely guarded secret of the National Security Agency, which was leaked last month by ShadowBrokers, a hacker group that first revealed itself last winter.”

    However, the malware did not spread through people clicking on links. The real reason was the EternalBlue exploit: the virus installed an NSA backdoor payload, DoublePulsar, and from there WannaCry went on spreading automatically to other computers in the same network.

    What Does the Ransomware Virus Do?

    The ransomware demands payment from the affected people: “it finds all your files and encrypts them and leaves you a message, if you want to decrypt them, you have to pay.”

    If you don’t pay the attacker, you may lose the data permanently. The malware takes over your entire computer, automatically changes the wallpaper and shows you a warning to pay the demand.

    In most cases, the virus demands between $300 and $500, and the price can be doubled if it isn’t paid within 24 hours.

    How to Prevent Your Computer from Getting Hacked by WannaCry Ransomware

    • First, be alert about the links and pages you are browsing, and do not click on unknown links.
    • To be on the safe side, users should back up their computer database or information; backing up on a regular basis will help you.
    • Soon after the attack, Microsoft released a patch for the security hole (MS17-010). It is important for users to install this patch on their computers; only the computers which didn’t have this patch were affected.
    • “If your software is not patched, you can exploit that user. Anyone who applied the patch that Microsoft released likely wasn’t affected by this,” Reiher said.
    • Do not open unknown emails that contain attachments and that could have malware. Avoid clicking on links or opening attachments or emails from people you don’t
    • Computers running Windows 7 and Windows 2008 are the most prone to the WannaCry attack; Wannacrypt0r2.0 was designed to work only against unpatched Windows OS. People using Windows 10 are safe, so upgrade your Windows OS to Windows 10.
    • Remove Windows NT4, Windows 2000 and Windows XP-2003 from production environments.
    • Block ports 139, 445 and 3389 in the firewall.
    • SMB is enabled by default on Windows. Disable the SMB service on the machine by going to Settings > uncheck the settings > OK.
    • Make sure your software is up to date.
    • Have a pop-up blocker running on your web browser.
    • Install a good antivirus and a good anti-ransomware product for better security.
    • Avoid opening links, URLs, files, emails or messages with these file names:
      • @Please_Read_Me@.txt
      • @WanaDecryptor@.exe
      • @WanaDecryptor@.exe.lnk
      • Please Read Me!.txt (Older variant)
      • C:\WINDOWS\tasksche.exe
      • C:\WINDOWS\qeriuwjhrf
      • 131181494299235.bat
      • 176641494574290.bat
      • 217201494590800.bat
      • [0-9]{15}.bat #regex
      • !WannaDecryptor!.exe.lnk
      • 00000000.pky
      • 00000000.eky
      • 00000000.res
      • C:\WINDOWS\system32\taskdl.exe
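
A file listing from a machine can be checked against the names above with a short script. The following is an added example, not part of the original article: the function names and sample paths are constructed, and treating the three `C:\WINDOWS\...` entries as full paths rather than bare file names is an assumption about how the list is meant to be read.

```python
import re
from pathlib import PureWindowsPath

# Names copied from the list above. Matching is case-insensitive because
# Windows file systems are case-insensitive by default.
BASENAMES = {n.lower() for n in (
    "@Please_Read_Me@.txt", "@WanaDecryptor@.exe", "@WanaDecryptor@.exe.lnk",
    "Please Read Me!.txt", "!WannaDecryptor!.exe.lnk",
    "00000000.pky", "00000000.eky", "00000000.res",
)}
# Assumption: entries listed with a directory are matched as full paths.
FULL_PATHS = {p.lower() for p in (
    r"C:\WINDOWS\tasksche.exe", r"C:\WINDOWS\qeriuwjhrf",
    r"C:\WINDOWS\system32\taskdl.exe",
)}
# The list's [0-9]{15}.bat, with the dot escaped and matched against the
# whole file name, so a 16-digit name or "…xbat" does not count.
BAT_RE = re.compile(r"[0-9]{15}\.bat", re.IGNORECASE)

def match_indicator(path):
    """Return why a Windows path matches the list, or None if it does not."""
    p = PureWindowsPath(path)  # also normalises forward slashes
    if str(p).lower() in FULL_PATHS:
        return "full-path indicator"
    name = p.name.lower()
    if name in BASENAMES:
        return "file-name indicator"
    if BAT_RE.fullmatch(name):
        return "15-digit .bat name"
    return None

def scan(paths):
    """Map each matching path to its reason; other paths are left out."""
    return {p: r for p in paths if (r := match_indicator(p))}

# Constructed sample listing (not taken from a real host).
SAMPLE = [
    r"C:\Users\alice\Desktop\@WanaDecryptor@.exe",
    r"c:\windows\TASKSCHE.EXE",
    r"C:\ProgramData\abc\131181494299235.bat",
    r"C:\Users\alice\1234567890123456.bat",   # 16 digits: no match
    r"D:\tools\tasksche.exe",                 # listed name, other directory
    r"C:\Users\alice\Documents\report.docx",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE).items():
        print(f"{reason:22} {path}")
```

A hit means the file should be investigated on a machine isolated from the network; a clean result does not show that the MS17-010 patch is installed.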