What is malware and ransomware?
Malware is a general term that refers to software that's harmful to your computer, said John Villasenor, a professor at the University of California, Los Angeles. Ransomware is a type of malware that essentially takes over a computer and prevents users from accessing data on it until a ransom is paid, he said.
The WannaCry ransomware attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the crypto currency bitcoin in 28 languages.How it Attack Computer what message it deploys?The initial infection might have been either through a vulnerability in the network defenses or a very well-crafted spear phishing attack. When executed, the malware first checks the "kill switch" domain name.
If it is not found, then the ransomware encrypts the computer's data, then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet, and "laterally" to computers on the same network. As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days or $600 within seven days.In most cases, the software infects computers through links or attachments in malicious messages known as phishing emails."The age-old advice is to never click on a link in an email," said Jerome Segura, a senior malware intelligence researcher at Malwarebytes, a San Jose-based company that has released anti-ransomware software. "The idea is to try to trick the victim into running a malicious piece of code." The ransomware encrypts data on the computer using an encryption key that only the attacker knows.
What should you do to protect yourself?
Authorities in the U.S. and U.K. have issued guidance on what to do.
Individuals and small businesses should:
Meskerem Alemu (CEH,CISA,MSCS)
Leave a Reply.