
About WannaCry
WannaCry ransomware encrypts files on infected Microsoft Windows systems. It generally spreads by exploiting a vulnerability in the implementation of Server Message Block (SMB) in those systems. It encrypts the data on the victim's computer (this variant is known as WanaCrypt0r 2.0) and demands US$ 300-600 in Bitcoin (a digital asset or cryptocurrency) within 96 hours. If the ransom is not paid, the ransomware developers may delete the decryption key, causing the victim to lose all files permanently. Several instances of users losing all their data after a ransomware attack have been reported earlier.
In the first phase of the WannaCry attack, the hacker(s) took down systems at major airlines, educational institutions and health networks, causing delays in service.
How it spread
WannaCry spreads through phishing (fraudulent emails claiming to be from reputable institutions that induce individuals to reveal personal information), emails and hacked websites. Hackers run several email campaigns, sending messages with attachments such as .exe, .ly6, .sqlite3 and .class files. When a user opens the attachment, the ransomware is activated: it installs itself on the computer and encrypts the data.
Indicators of compromise
WannaCry appears as a folder with a random-character name inside the ProgramData folder containing the file tasksche.exe, or under the Windows folder with the file names mssecsvc.exe and tasksche.exe.
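As an added illustration of these indicators (example code, not part of the original article), the following Python checks a list of file paths against the two locations named above. The sample path list is constructed, the random folder name qxzpy284 is made up, and the live-host enumeration only lists the top level of the ProgramData and Windows folders without opening or changing anything.

```python
import os
import re
from typing import Iterable, List

# The two locations the article names: a random-character folder under
# ProgramData holding tasksche.exe, or mssecsvc.exe / tasksche.exe directly
# under the Windows folder. Drive letter and letter case are ignored.
INDICATOR_PATTERNS = [
    re.compile(r"^[a-z]:\\programdata\\[a-z0-9]{4,32}\\tasksche\.exe$", re.I),
    re.compile(r"^[a-z]:\\windows\\(mssecsvc|tasksche)\.exe$", re.I),
]


def find_wannacry_indicators(paths: Iterable[str]) -> List[str]:
    """Return the paths that match the article's file-name indicators."""
    hits = []
    for path in paths:
        normalized = path.strip().replace("/", "\\")   # accept either separator
        if any(p.match(normalized) for p in INDICATOR_PATTERNS):
            hits.append(path)
    return hits


def candidate_paths_on_host() -> List[str]:
    """List files in the top level of ProgramData and Windows on a live
    Windows host, plus tasksche.exe inside any direct ProgramData subfolder.
    Returns an empty list on non-Windows systems."""
    system_drive = os.environ.get("SystemDrive", "C:")
    found = []
    for sub in ("ProgramData", "Windows"):
        root = os.path.join(system_drive + "\\", sub)
        if not os.path.isdir(root):
            continue
        for entry in os.scandir(root):
            if entry.is_file():
                found.append(entry.path)
            elif entry.is_dir() and sub == "ProgramData":
                exe = os.path.join(entry.path, "tasksche.exe")
                if os.path.isfile(exe):
                    found.append(exe)
    return found


# Constructed sample listing (not real telemetry) for an offline run.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\ProgramData\Microsoft\Windows\Caches\cache.dat",
    r"C:\ProgramData\qxzpy284\tasksche.exe",      # made-up random folder name
    r"C:\Windows\mssecsvc.exe",
    r"C:\Windows\tasksche.exe",
    r"C:\Users\alice\Downloads\tasksche.exe",     # wrong location, not flagged
]

if __name__ == "__main__":
    for hit in find_wannacry_indicators(SAMPLE_PATHS):
        print("WannaCry indicator:", hit)
```

On a real host, pass `candidate_paths_on_host()` to `find_wannacry_indicators` instead of the constructed sample; a hit should be confirmed against the full file (hash, signature) before any response action.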
How to prevent attacks
System administrators and individual users alike are advised to take a number of measures to protect their computers and the entire network from ransomware infections:
• Apply Microsoft's security patch MS17-010. This security update resolves the vulnerabilities in Windows systems
• Back up important files to an external hard disk drive and keep it offline
• Avoid using pirated copies of Windows
• Corporate houses should set up a strong Sender Policy Framework (SPF) and email filters to stop such emails from coming in
• Server administrators should strengthen their firewalls to prevent such ransomware being injected into the system. They should also disable the execution of .exe files on the server
• Users must disable remote desktop connections
• Administrators should restrict users' ability to install unwanted applications
• Keep the operating system, third-party software and anti-virus software updated
• If a computer in your network is attacked by ransomware, immediately disconnect it from the network
• A ransomware victim may try a boot-level scan of their system