What is Ransomware WannaCry?
Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology: it blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. In simpler words, it is the same as kidnapping your system by locking its files and asking you to pay a sum of money to unlock them. WannaCry is another version of it.
Why has this got attention recently?
WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware program targeting the Microsoft Windows operating system. On Friday, 12 May 2017, a large cyber-attack was launched using it, infecting more than 230,000 computers in 150 countries and demanding ransom payments in the cryptocurrency Bitcoin in 28 languages. The attack has been described by Europol as unprecedented in scale.
Here are the 8 most critical pieces of information about Ransomware WannaCry:
- The file tasksche.exe checks for disk drives, as well as network shares and removable storage devices mapped to a letter, like ‘C:/’, ‘D:/’ etc. The malware then checks for files with a file extension as listed within the appendix and encrypts them using 2048-bit RSA encryption.
- To crack 2048-bit RSA encryption, it would take 1.5 million years with a standard desktop machine at the time.
- India is in 3rd position among the countries most heavily attacked by this ransomware.
- Affected Products:
  - All Windows versions before Windows 10 are vulnerable if not patched for MS17-010.
  - Windows XP and Windows Vista users are completely vulnerable, as both of these operating systems no longer receive updates and security patches.
- The file types it looks for to encrypt are: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pst, .ost, .msg, .eml, .vsd, .vsdx, .txt, .csv, .rtf, .123, .wks, .wk1, .pdf, .dwg, .onetoc2, .snt, .jpeg, .jpg, .docb, .docm, .dot, .dotm, .dotx, .xlsm, .xlsb, .xlw, .xlt, .xlm, .xlc, .xltx, .xltm, .pptm, .pot, .pps, .ppsm, .ppsx, .ppam, .potx, .potm, .edb, .hwp, .602, .sxi, .sti, .sldx, .sldm, .sldm, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .bz2, .tbk, .bak, .tar, .tgz, .gz, .7z, .rar, .zip, .backup, .iso, .vcd, .bmp, .png, .gif, .raw, .cgm, .tif, .tiff, .nef, .psd, .ai, .svg, .djvu, .m4u, .m3u, .mid, .wma, .flv, .3g2, .mkv, .3gp, .mp4, .mov, .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .sh, .class, .jar, .java, .rb, .asp, .php, .jsp, .brd, .sch, .dch, .dip, .pl, .vb, .vbs, .ps1, .bat, .cmd, .js, .asm, .h, .pas, .cpp, .c, .cs, .suo, .sln, .ldf, .mdf, .ibd, .myi, .myd, .frm, .odb, .dbf, .db, .mdb
- Backdoor: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor.
- Ransom: Between $300 and $600 in Bitcoin.
- A British computer researcher, @MalwareTechBlog, spent $10.69 on a successful plan to slow the global cyber attack that struck dozens of countries around the world; the domain was iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. Even though the attack was stopped temporarily, the malware authors have also released a WannaCry 2.0 version.
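
The domain above is hard-coded in the malware, so DNS lookups for it from inside a network point to hosts where WannaCry has run. The following is an added example, not part of the original post: it scans resolver logs for that domain, and the log layout (timestamp, client IP, query type, query name) and the sample lines are constructed assumptions.

```python
# Kill-switch domain exactly as given in the article above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample lines in an assumed "timestamp client-ip qtype qname" layout.
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 A www.example.org.
2017-05-12T09:14:05Z 10.0.4.23 A IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM.
2017-05-12T09:15:40Z 10.0.4.23 A www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
2017-05-12T09:16:11Z 10.0.7.9 AAAA iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.example.org
malformed line without enough fields
2017-05-12T10:02:33Z 10.0.9.88 A iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
"""


def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def is_kill_switch(qname):
    """True for the kill-switch domain or any subdomain of it (not look-alike suffixes)."""
    name = normalize(qname)
    return name == KILL_SWITCH or name.endswith("." + KILL_SWITCH)


def find_hits(log_text):
    """Return {client_ip: {"count", "first", "last"}} for clients that queried the domain."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed layout
        ts, client, _qtype, qname = fields
        if not is_kill_switch(qname):
            continue
        entry = hits.setdefault(client, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return hits


if __name__ == "__main__":
    for client, info in sorted(find_hits(SAMPLE_LOG).items()):
        print(f"{client}: {info['count']} lookups, {info['first']} to {info['last']}")
```

Alert on these lookups rather than blocking them: the kill switch only stops the malware when the infected host can actually reach the domain.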
So guys, that’s all about WannaCry. Give me your comments and views, and even tell me if you are a victim too. :p