Ransomware Attacks News - Precautions and Prevention



Ransomware Attack Meaning

Ransomware/malware attacks are increasing day by day throughout the world. Recently, a number of computer systems in various countries, including India, have been infected with a ransomware called WannaCry.
Ransomware is a type of malware that encrypts the contents of a computer or server, thereby rendering the files/system unusable. The attackers then ask for a payment/ransom (generally in bitcoin) to unlock/decrypt the system/files.

The main sources of ransomware are:

1) Email attachments

2) Internet browsing/downloading of files, and

3) Use of removable media such as pen drives.

Around five per cent of the computers infected by WannaCry are in India, as reported by the India Today group.

Following are the salient points regarding this ransomware:

1. WannaCry works by encrypting all the data on a computer system and changing file extension names to '.WNCRY'. The malware then displays a window informing users that their files have been encrypted and that they can be recovered in exchange for a payment made in bitcoin (Screenshot enclosed).
2. The window is accompanied by two timers: one counts down to the time after which the ransom amount will be raised, while the other warns of the time after which users' files will be destroyed.
3. WannaCry uses an exploit named EternalBlue to infect computers running Windows operating systems. The exploit is currently available in the public domain, making it a huge risk for unprotected/unpatched systems.
4. The pattern to detect known variants and components of this ransomware is available in Trend Micro Officescan Smart Scan Agent Pattern – 13.399, released yesterday (12/05/2017). Trend Micro detects this ransomware as "Ransom_Gen.R023C0ED917" or "RANSOM_WANA.A".
5. The ransomware uses the Microsoft SMB protocol to spread from an infected machine to other machines on the network. Accordingly, machines that have no AV installed, or whose pattern is not up to date, pose a huge risk to the entire network.
6. Phishing emails are one of the attack vectors of this ransomware. Verify the actual source address of any email received from the Internet; this address is now inserted as a stamp at the top of the email body. Do not click on any embedded URLs in emails or download any attachment from an email that looks suspicious.
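
The '.WNCRY' extension from point 1 gives responders a quick way to scope how far encryption has reached on a file server. The following triage script is an added example, not part of the original advisory; the function names `scan_tree` and `report` are hypothetical, and the path to scan is supplied by the operator.

```python
import os
import sys
from collections import defaultdict
from datetime import datetime, timezone

# Extension named in point 1 of this page; compared case-insensitively.
MARKER_EXT = ".wncry"


def scan_tree(root):
    """Walk root and return, per directory holding marked files,
    the marked count, the total file count and the earliest marked mtime."""
    stats = defaultdict(lambda: {"encrypted": 0, "total": 0, "first_seen": None})
    # Unreadable directories are skipped so one ACL error does not stop triage.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            entry = stats[dirpath]
            entry["total"] += 1
            if not name.lower().endswith(MARKER_EXT):
                continue
            entry["encrypted"] += 1
            try:
                # lstat: do not follow symlinks out of the tree being examined.
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; the count still stands
            if entry["first_seen"] is None or mtime < entry["first_seen"]:
                entry["first_seen"] = mtime
    return {d: s for d, s in stats.items() if s["encrypted"]}


def report(root):
    """Return one line per affected directory, earliest-hit directory first,
    which approximates the order in which encryption progressed."""
    hits = scan_tree(root)
    ordered = sorted(hits.items(),
                     key=lambda kv: kv[1]["first_seen"] or float("inf"))
    lines = []
    for directory, s in ordered:
        when = "unknown"
        if s["first_seen"] is not None:
            when = datetime.fromtimestamp(s["first_seen"], tz=timezone.utc).isoformat()
        lines.append(f"{when} {directory} {s['encrypted']}/{s['total']} files marked")
    return lines


if __name__ == "__main__":
    for line in report(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(line)
```

Run it read-only against a share or a mounted disk image; the earliest timestamp per directory helps choose a backup restore point that predates encryption.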