Cybersecurity company, Avast, says it has now detected more than 57,000 ransomware attacks in 99 countries.
The ransomware attack has affected big institutions including National Health Service (NHS) in England, Spanish telecommunications giant, Telefonica, courier delivery company, FedEx and the Russian Interior Ministry.
What is this ransomware?
The name of this particular ransomware software is WannaCry, also known as WanaCrypt0r 2.0. The ransomware locks down all the files and data on an infected computer and requests users to pay a ransom fee within a set period of time before they can regain control of the files. The ransom in this case is $300 in the virtual currency bitcoin.
Payment is demanded in three days or the price is doubled. After seven days it threatens to delete all files.
WannaCry is believed to have been developed by the American National Security Agency (NSA), to attack computers running the Microsoft Windows operating systems. WannaCry takes advantage of a vulnerability (called Eternal Blue) in the Windows system. The exploit was released online last month in a trove of alleged NSA tools by the Shadow Brokers hacking group.
Microsoft released a patch – a software update that fixes the problem – for the flaw, known as MS17-010, in March but clearly many organisations and individuals had not updated their computers.
Avast says “When the ransomware affects your computer, it changes the affected file extension names to “.WNCRY”, so an infected file will look something like: original_name_of_file.jpg.WNCRY, for example. The encrypted files are also marked by the “WANACRY!” string at the beginning of the file.”
This ransomware drops the following ransom notes in a text file:
Additionally, the victim’s wallpaper is changed to the following image:
The ransomware spreads on its own. When an infected computer is on a network, it automatically scans the network to find out other computers it can infect. It has a ‘hunter’ module, which seeks out PCs on internal networks.
Avast shares a map below showing the countries being targeted most by WanaCrpytor 2.0:
How to Prevent the attack.
All you have to do is to update your system with the Microsoft security patch. Please note it won’t do any good for machines that have already been hit.
Also ensure you back up your data everyday so that you don’t have to pay even when you are infected.