Also known as WanaCrypt0r 2.0, or WCry, WannaCry takes advantage of PCs running Windows to encrypt files and block users from accessing them, unless they pay $300 worth of bitcoins within 3 days. After that, the price doubles.
Who is WannaCry targeting?
During a major ransomware outbreak in May 2017, Russia, China, Ukraine, Taiwan, India, and Brazil were the most targeted countries. WannaCry has affected both individuals, as well as government organizations, hospitals, universities, railway companies, tech firms, and telecommunications providers in over 150 countries. UK’s National Health Service, Deutsche Bahn, Spanish company Telefónica, FedEx, Hitachi, and Renault were among the victims.
Where WannaCry comes from
Experts have noticed that WannaCry ransomware behaves like a worm, using two attack methods found in the leaked arsenal of the NSA (ETERNALBLUE and DOUBLEPULSAR). They also found evidence linking the ransomware outbreak to the North-Korean Lazarus Group.
In 2014, the hackers — known to use bitcoin in their operations — have wiped almost a terabyte’s worth of data from Sony Pictures’ database. They also created a malicious backdoor in 2015, and were involved in an $81m cyberattack on the Central Bank of Bangladesh in 2016.
How to recognize WannaCry
You probably won’t be able to recognize WanaCrypt0r 2.0 before infection, because it doesn’t require your input to do so. This type of ransomware behaves like a worm, spreading through networks and making its way to your PC, where it finally encrypts your files. When infected, you receive a warning and you won’t be able to access your files, or worse — you won’t be able to log in to your computer at all.
How to remove WannaCry
You can remove WannaCry using an antivirus software, but unfortunately that doesn’t magically decrypt your files. Once you’ve been affected, there is little you can do about it. Avast Free Antivirus comes with a ransomware decryption tool, but the encryption in WannaCry is very strong (AES-128 combined with RSA-2048). Your best hope is recovering your files from a backup, if possible, but first you have to clean and update your computer.
How to prevent WannaCry
To stay safe from WannaCry ransomware attacks, it’s vital to keep your software — especially your operating system — up to date. Microsoft recently made patches available even for older versions of Windows it no longer official supports. Make sure you use an antivirus, as this will help detect any suspicious activity on your computer. Avast will protect you with or without a patch. Advanced users can configure their Firewall settings, to control network traffic using specified connection parameters. These are called packet rules and may include network protocols, source or destination IP addresses, and local and remote ports.