What is the WannaCry virus?
WannaCry spreads within minutes and is the most rapid virus. It consists of two parts: the first, the attacking part, uses an operating system bug to get into the computer; the second is the encryptor, which is downloaded from the internet once the computer has been accessed.
It differs from other viruses in that a virus usually gets onto a computer through a user’s mistake, for instance when the user mistakenly opens a file from an e-mail or follows a specific link, whereas a WannaCry infection can occur without any action by the user.
The virus’s creators use a bug in the Windows operating system, known as “EternalBlue”, that was discovered on March 14, 2017. This bug was fixed by the MS17-010 update. If automatic Windows updates are turned on, your computer is protected from this infection. But even after the update you are not protected from catching the virus in the usual way.
As soon as it gets into a system, the virus tries to get into other computers over the internal network, scanning them for the EternalBlue bug; this is why the virus is very dangerous for big companies.
The encryptor searches for files that are potentially important to the user, such as Word, Excel and PowerPoint documents, e-mail databases, graphics program files, databases, and video and audio files, and encrypts them, changing their contents and their extension to .WCRY, after which they can no longer be opened.
The virus then changes the desktop background and displays a notification that the computer is infected, along with the actions the user must take to (probably) regain access to the files.
Usually it demands payment of a specific amount in the cryptocurrency Bitcoin; initially this amount was $300, and in some versions it reached $600.
The user is given 3 days to pay, after which the amount can be increased, and after 7 days it can become impossible to recover the files.
The first attack was repelled by a security researcher known as Malwaretech, who stopped the infection in a simple way: he bought a domain name (the meaningless address iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com).
As it turned out, some versions of WannaCry contacted this domain and started their actions only if it did not exist.
Creating this domain name acted as a kind of stop button for the virus.
Malwaretech neutralized the infection process by finding the address in the virus code and registering it.
During the day, tens of thousands of infected computers contacted this address.
Unfortunately, shortly afterward a new version of the virus was launched. The new version can’t be stopped with this method; hence new waves of attacks are expected.
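The lookup of the kill-switch domain described above also leaves a trace that defenders can search for: any internal host that queried it is a candidate infected machine. The Python code below is an added example, not part of the original article; the log format, timestamps and client addresses are constructed, and treating any answer other than NOERROR as "the domain looked absent to that host" is an assumption.

```python
import re

# Kill-switch domain quoted in the article above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample resolver log (format, times and addresses are illustrative).
SAMPLE_LOG = """\
2017-05-12T14:03:11Z client=10.0.4.17 query=www.example.com. rcode=NOERROR
2017-05-12T14:03:12Z client=10.0.4.17 query=IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.com. rcode=NXDOMAIN
2017-05-12T14:05:40Z client=10.0.9.3 query=iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com rcode=NOERROR
2017-05-12T14:05:41Z client=10.0.9.3 query=iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com rcode=NOERROR
2017-05-12T14:06:02Z client=10.0.2.8 query=notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. rcode=NXDOMAIN
malformed line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<name>\S+)\s+rcode=(?P<rcode>\S+)$"
)

def normalise(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def find_kill_switch_lookups(log_text, domain=KILL_SWITCH):
    """Return {client: {first_seen, count, resolved}} for hosts that looked up the domain."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        name = normalise(m["name"])
        # Whole-name or subdomain match only; a longer name with the same ending is unrelated.
        if name != domain and not name.endswith("." + domain):
            continue
        host = hits.setdefault(m["client"], {"first_seen": m["ts"], "count": 0, "resolved": True})
        host["count"] += 1
        # Assumption: any failed answer means the domain looked absent to that host.
        if m["rcode"] != "NOERROR":
            host["resolved"] = False
    return hits

if __name__ == "__main__":
    for client, info in sorted(find_kill_switch_lookups(SAMPLE_LOG).items()):
        state = "domain resolved" if info["resolved"] else "domain looked ABSENT, check this host first"
        print(f"{client}: {info['count']} lookup(s), first {info['first_seen']}, {state}")
```

Hosts reported with the domain looking absent deserve attention first, because for the versions described above the absence of the domain is the condition under which the virus started its actions.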
How can we protect ourselves from WannaCry?
There is currently no way to decrypt or recover encrypted files; security experts at different companies are working on it. Accordingly, the most important thing is to protect the computer from infection. It is necessary to:
- Update your anti-virus database and scan the critical areas of the computer;
- Install operating system updates;
- Create backups of important documents and data: write copies to devices that are not connected to the computer all the time, or upload them to cloud servers (Dropbox, Google Drive, etc.);
- The virus damages the Microsoft Windows operating system; hence, if you use macOS or Linux, you are protected.