Categories
Hackers and hacks Security solutions and antivirus software

WannaCry Ransomware spreading stopped – Thanks to Microsoft and MalwareTech security firm

As a reminder, WannaCry Ransomware is a ransomware malware created to use some exploits harvested from NSA hack. The infection spread in over 70 countries.

Microsoft has patched this issue, so the users that run supported Windows versions, Windows 7, Windows 8.1 and Windows 10, are safe if they have all the system updates installed and Windows Defender enables.

But despite this, Microsoft has published an emergency update for all the Windows systems (except Vista), in order to block the WannaCry ransomware, flagged by Microsoft Ransom:Win32/WannaCrypt .

Download the update patch matching your operating system and architecture:

All you have to do in order to patch your system is to download the update and install.

On top of Microsoft’s work to update and secure operating systems which reached EOL (end of life), a cybersecurity researcher from MalwareTech handle has managed to stop the WannaCry infection from spreading.

The researcher has studied the code and found a kill switch, hardcoded by the creator of the code in case he wanted to stop it from spreading. The malware was designed to stop if it got response from an internet domain, so the MalwareTech company registered that domain since the attacker did not bother to buy that domain.

According to Bitdefender, the malware spread in 104 countries, infected 180.000 devices, and only 102 victims decided to pay the $300 Bitcoin ransom.

As a piece of advice, as I said in the previous article, you should download the right patch for your operating system, keep Windows Defender active and do not open malicious mails.

WannaCry Ransomware spreading stopped

 

Categories
Hackers and hacks Security solutions and antivirus software

WannaCry Ransomware infection is the largest in history

Recently, the British National Health System (NHS) has become the victim of WannaCry ransomware (also known as WCry or WanaCryptor), a very lethal computer virus that encrypts all the data from the infected computers. While the first infected systems were in UK, the virus has spread in other countries as well.

The attack took place on Friday (yesterday) and affected 74 countries (including UK, US, China, Russia, Spain, Italy and Taiwan), including 16 NHS trusts in UK, being the biggest in the history.

The WannaCry ransomware is based on an exploit harvested from the EternalBlue tool used for hacking by NSA and leaked a few months ago by the hacker group Shadow Brokers. Once a computer is hacked, it explores a vulnerability in the SMB file sharing. The most vulnerable computers are the ones with older operating systems and since the encryption is done with RSA-2048, the files cannot be decrypted without the hacker’s key.

The problem is that a lot of computers from public institutions still use Windows XP, a system which is very vulnerable to hackers, since it does not receive any more updates.

The losses were bigger than financial, this causing surgeons to cancel operations, because everybody was locked out of the system. For more information, see this Liliputing article.

The good thing in this is that Microsoft has released an update patch for all the supported Windows systems – Windows 7, 8.1 and 10 and the May 2017 updates should keep the users safe from this, if they have Windows Defender enabled with up to date signature database.

Final words:

If you keep your Windows system up to date with the latest updates and keep Windows Defender updated and enabled, you are safe from this ransomware malware.

Unfortunately, this happened because government agencies like NSA or CIA keep vulnerabilities unknown for their own benefit.