The rise of ransomware has caused havoc online, especially in Windows environments. You might be aware of the past and recent ransomware attacks by cyber criminals. These attacks are clearly targeting MNCs and high-profile victims. In this brief article, we will try to explain the jargon in layman's terms.
So, what is ransomware?
Malicious code which encrypts user data and demands a ransom for decryption. In recent times we have encountered WannaCry, NotPetya (also tracked as PetrWrap) and more, all of which take advantage of an exploit named EternalBlue.
How it all began?
Back on March 14, 2017, Microsoft issued a security bulletin [MS17-010] and patches for a flaw in the Microsoft Server Message Block 1.0 (SMBv1) server. Ignoring a Microsoft update is nothing new, and many organisations missed this one. Two months later, on May 12, 2017, the WannaCry outbreak happened. The very next day Microsoft issued emergency patches, even for unsupported systems such as Windows XP and Server 2003.
A month before the WannaCry outbreak, on April 14th, 2017, the hacker group Shadow Brokers leaked an exploit code-named ETERNALBLUE. The exploit is believed to have been developed by the USA's NSA. Microsoft publicly criticised governments for "stockpiling vulnerabilities" instead of reporting them to vendors, saying that this stockpile is what made the attack possible. On June 27th 2017, the same exploit (together with its sibling EternalRomance and stolen credentials) was used again to spread NotPetya across vulnerable machines.
What does this ransomware do?
Ransomware in general arrives mostly as attachments or links in email. These two were different: WannaCry spread on its own as a worm, scanning for machines whose SMBv1 service was still unpatched, and NotPetya was seeded through a compromised software update of the Ukrainian accounting package M.E.Doc. Once a system is compromised, the code obtains admin privileges, harvests credentials, executes its tasks and encrypts the system. If the compromised system is on a network, the code spreads to other connected, unpatched devices. WannaCry, the first in this series, had a kill switch: a domain name which, once registered by a researcher, halted the outbreak. NotPetya has no such kill switch; it only checks for a local "vaccine" file, which stops it on that one machine.
What should you do?
- Never open attachments or links in a suspicious mail or in emails from unknown senders.
- Ensure that your Windows machine is up to date (MS17-010 in particular), has the latest virus definitions, and that SMBv1 is disabled if you do not need it.
- Back up your data regularly, to offline or versioned storage, to safeguard it from unforeseen attacks.
- You can also "vaccinate" your PC against NotPetya: create a read-only file named perfc in C:\Windows. The malware looks for it and exits if it is present.
- If you suspect that your PC is compromised with NotPetya (an unexpected reboot followed by what looks like a CHKDSK disk check), power off immediately to protect your data. The fake CHKDSK screen is the malware encrypting the Master File Table, and interrupting it may leave your files recoverable. Once encryption completes, no known method can decrypt them.
- Never pay the ransom. In NotPetya's case the attackers' email address was shut down by the provider, so even victims who paid could not get a key.
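The MS17-010 patch, SMBv1 and the perfc "vaccine" above can all be checked and applied from one elevated PowerShell session. The script below is an added example written for this article, not code from Microsoft or from any of the malware write-ups. It assumes the listed KB numbers are the original MS17-010 release for each Windows version (later cumulative updates supersede them, so "not found" is only a warning), that the SMB cmdlets exist on Windows 8.1 / Server 2012 R2 and newer (older systems fall back to the registry value Microsoft documents in KB2696547), and that the three perfc file names are the ones the vaccine write-ups describe.

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the original article): check and harden a
# Windows machine against EternalBlue-based ransomware such as WannaCry
# and NotPetya. Run in an elevated PowerShell; some steps need a reboot.

# 1. Is one of the original MS17-010 hotfixes installed?
#    Assumption: this is the March 2017 KB set; later monthly rollups and
#    Windows 10 cumulative updates supersede them, so absence is a warning,
#    not proof that the machine is vulnerable.
$ms17010Kbs = 'KB4012212','KB4012215',   # Windows 7 / Server 2008 R2
              'KB4012213','KB4012216',   # Windows 8.1 / Server 2012 R2
              'KB4012214','KB4012217',   # Server 2012
              'KB4012606','KB4013198','KB4013429'  # Windows 10 1507/1511/1607
$found = Get-HotFix -ErrorAction SilentlyContinue |
         Where-Object { $ms17010Kbs -contains $_.HotFixID }
if ($found) {
    "MS17-010 hotfix present: $($found.HotFixID -join ', ')"
} else {
    "WARNING: none of the original MS17-010 KBs found; confirm a newer cumulative update is installed."
}
# The SMB server driver is what MS17-010 fixes; print its version for the record.
$srv = Get-Item "$env:SystemRoot\System32\drivers\srv.sys" -ErrorAction SilentlyContinue
if ($srv) { "srv.sys version: $($srv.VersionInfo.FileVersion)" }

# 2. Disable the SMBv1 server, which EternalBlue targets.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    "SMBv1 server enabled: $smb1"
    if ($smb1) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        "SMBv1 server disabled."
    }
    # On client SKUs the whole SMB1 component can be removed as well.
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction SilentlyContinue | Out-Null
    }
} else {
    # Windows 7 / Server 2008 R2 have no SMB cmdlets: use the registry
    # value from Microsoft KB2696547. Takes effect after a reboot.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
    "SMBv1 server disabled via registry; reboot required."
}

# 3. Block inbound SMB (TCP 445) on public networks so a worm on a hostile
#    LAN cannot reach the service at all.
if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
    if (-not (Get-NetFirewallRule -DisplayName 'Block inbound SMB (public)' -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName 'Block inbound SMB (public)' -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Profile Public -Action Block | Out-Null
        "Firewall rule added: inbound TCP 445 blocked on the Public profile."
    }
}

# 4. NotPetya "vaccine": the malware exits if a file with its own name
#    (perfc, no extension) exists in %SystemRoot%. The .dat/.dll variants are
#    created as well because published vaccines do so for safety (assumption).
foreach ($name in 'perfc','perfc.dat','perfc.dll') {
    $path = Join-Path $env:SystemRoot $name
    if (-not (Test-Path $path)) {
        New-Item -Path $path -ItemType File -Force | Out-Null
    }
    Set-ItemProperty -Path $path -Name IsReadOnly -Value $true
    "Vaccine file present and read-only: $path"
}
```

The vaccine is a stopgap for a single machine and does nothing against WannaCry or future variants; the patch and disabling SMBv1 are the fixes that actually close the hole. Save the script as, for example, `harden-smb.ps1` and run it with `powershell -ExecutionPolicy Bypass -File .\harden-smb.ps1` from an administrator prompt, then reboot if the registry path was used.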
To date, several organisations have been hit by NotPetya. Did you, a friend or a colleague run into trouble with this malware? If so, let us know how you dealt with it. We hope this article helps you stay aware of such malware in future. Peace!