The WannaCry ransomware burst into the spotlight over the weekend as reports of infections streamed in from around the globe. This has affected systems in more than 150 countries with more than 230,000 computers infected.
What is Ransomware?
Ransomware is a type of malicious software(computer virus) that encrypts and blocks access to data until a ransom is paid. It usually spreads via spam emails and malicious download links and displays a message requesting payment to decrypt it.
The WannaCry ransomware A.K.A. Wanna Decryptor, uses a leaked NSA exploit Eternal Blue that targets Windows SMB service which can be used to hijack computers running unpatched, vulnerable Microsoft Windows operating system.
The ransomware that has affected systems in more than 150 countries recently. It leverages Social Engineering/Spear Phishing as their attack vector by sending some malicious links or a PDF file, which when clicked, installs the ransomware. Once installed, it scans the entire network for other vulnerable devices and spreads.
Follow these steps to prevent infection:
- Update your system.
- Upgrade to windows 10 if you are using older versions. Keep it updated.
- If you are using older versions of windows , apply these patches immediately.
- Enable Firewall, block access to SMB ports – TCP – 137,139 and 445 and UDP – 137 and 138.
- SMB is enabled by default on Windows. Disable SMB service –
- Have a pop-up blocker running on your web browser.
- Update your antivirus.
- Backup your data regularly.
- Do not open any attachments from any Unknown sources.
WHAT IF YOU ARE INFECTED?
Never Pay ransom.
Its upto you whether to pay the ransom or not. There is no guarantee that you will get your files back.