Answers to 18 basic questions regarding WannaCry ransomware

TechViews News

The WannaCry ransomware attack dominated tech headlines through the weekend. According to Europol, WannaCry infected 200,000 computers in more than 150 countries, tied the UK health service in knots, knocked out the Spanish phone company, troubled train travelers in Germany, and took big swipes out of FedEx, Renault, a reported 29,000 Chinese institutions, and networks all over Russia—including the Russian Interior Ministry.

Although it looks like the worm started spreading on Thursday night (5-11-17), the real effects only showed up on Friday.

For the most part, people are asking basic questions.

Here is what I have learned so far:

Can I get infected by the current infection of WannaCry?

Probably not. MalwareTech (a security researcher) defanged the malware. Although there are a few situations where the threat persists, for most people, WannaCry has been out of commission since late Friday.

So the threat is over?

Not by a long shot. This is one of those clear times when Microsoft needs to stop fooling around with its security updates and do it right. We already have reports from Matt Suiche of a new WannaCry variant with 10,000 infections logged. The WannaCry clones are coming, and many of them won’t be easy to stop. You have to get your Windows PC patched now.

Why didn’t WannaCry infect Windows XP or 10 computers?

Mostly because the code was written for unpatched Win-7 computers. However, Friday’s attacks used code from several sources, and researchers have determined that the code used didn’t include functions for Windows XP or Windows 10. Researchers think that is about to change.

That doesn’t mean WinXP and Win10 are safe. If unpatched, both have the same vulnerability as other versions of Windows that different code could exploit. Even though WannaCry’s exploit code doesn’t target WinXP or Win10, you can expect that other variants will, which is why every Windows PC should be patched immediately.

How do I patch my Windows computer?

If you’re using Windows 7, 8.1, or 10, you can run Windows Update and install all “important” patches. If you’re using Windows XP, 8, or Vista, special instructions apply. (See Infoworld’s detailed instructions.)
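Running Windows Update is the fix; the script below is an added example, not part of the TechViews post or of any Microsoft tooling, for checking afterwards that the fix actually landed. It assumes an elevated Windows PowerShell session on the host being checked, and it assumes the KB numbers in its list are the right MS17-010 updates for that host (the three given are the March 2017 updates for Windows 7 SP1 / Server 2008 R2 and the emergency update for XP, Vista and 8; confirm them against the MS17-010 bulletin for your OS). The SMB1 registry value it reads is the switch Microsoft documents for the SMB server service, which is the service EternalBlue targets.

```powershell
# Added example (not from the TechViews post). Reports whether this host has one
# of the MS17-010 updates installed and whether SMBv1, the protocol EternalBlue
# exploits, is still enabled. Run in an elevated Windows PowerShell session.

# KB numbers assumed here: March 2017 MS17-010 updates for Windows 7 SP1 /
# Server 2008 R2 (KB4012212 security-only, KB4012215 monthly rollup) and the
# emergency update for XP / Vista / 8 (KB4012598). Confirm the right KBs for
# your OS against the MS17-010 bulletin and extend the list as needed.
$Ms17010Kbs = @('KB4012212', 'KB4012215', 'KB4012598')

function Test-Ms17010Installed {
    param([string[]]$KbList = $Ms17010Kbs)
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $matched   = @($installed | Where-Object { $KbList -contains $_ })
    [pscustomobject]@{
        Patched   = ($matched.Count -gt 0)
        MatchedKb = ($matched -join ', ')
        # Later cumulative rollups supersede the March KBs, so also record the
        # SMB server driver version for comparison with the bulletin's file list.
        SrvSysVersion = (Get-Item "$env:SystemRoot\System32\drivers\srv.sys").VersionInfo.FileVersion
    }
}

function Test-Smb1Enabled {
    # Microsoft's documented switch for the SMB server: DWORD SMB1 = 0 disables
    # SMBv1; when the value is absent the default (enabled) applies.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $value = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return (($null -eq $value) -or ($value -ne 0))
}

$patch = Test-Ms17010Installed
$smb1  = Test-Smb1Enabled
$patch | Format-List
if (-not $patch.Patched) { Write-Warning 'No MS17-010 KB found: run Windows Update and install all important updates.' }
if ($smb1)               { Write-Warning 'SMBv1 is enabled: disable it once the host is patched.' }
```

A missing KB is not proof that the host is unpatched: on systems that take cumulative monthly rollups, a later rollup replaces the March one and the original KB never shows up in Get-HotFix. That is why the script also reports the srv.sys version; compare it with the file information in the MS17-010 bulletin before declaring a host exposed.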

Can I get infected by opening an email attachment?

Not as far as we know. Nobody’s found an infected email, and a lot of people have looked. Kevin Beaumont has a video showing how WannaCry replicates worm-style over a network, with no email required. It takes two minutes.

Can I get infected by surfing to a bad website or viewing compromised ads online?

No.

How was WannaCry stopped?

WannaCry has an off switch. Before the infection mechanism runs, it tries to connect to a website with a very odd-looking domain name. If the website exists, WannaCry won’t run. By registering a domain with the correct name, MalwareTech defused the WannaCry infection function. There’s lots of speculation as to the reason for the off switch, but nobody has a clue what the author was thinking.
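The off switch is also useful to a defender as an indicator: a host that looked up the off-switch domain has run WannaCry’s pre-infection check, whether or not the lookup succeeded, so it is unpatched and exposed. The script below is an added example, not from the post or from MalwareTech. The domain is a placeholder because the post does not name it, the log lines are constructed, and the field layout (time, client, query name, tab-separated) is an assumption rather than any particular DNS server’s format.

```powershell
# Added example (not from the TechViews post). Scans DNS query records for
# lookups of the WannaCry off-switch domain: any client that asked for it has
# executed the worm's pre-infection check. The domain is a PLACEHOLDER, and
# the log lines are constructed to illustrate the parsing.
$KillSwitchDomain = 'PLACEHOLDER-killswitch-domain.example'

# Constructed sample in an assumed "time<TAB>client<TAB>query" layout.
$SampleLog = @"
2017-05-12T10:01:03`t10.0.5.17`twww.bing.com
2017-05-12T10:01:09`t10.0.5.17`tPLACEHOLDER-killswitch-domain.example
2017-05-12T10:01:11`t10.0.5.23`tPLACEHOLDER-killswitch-domain.example
2017-05-12T10:02:40`t10.0.5.17`tPLACEHOLDER-killswitch-domain.example
2017-05-12T10:03:02`t10.0.9.4`tupdate.microsoft.com
"@

function Find-KillSwitchLookups {
    param([string[]]$Lines, [string]$Domain = $KillSwitchDomain)
    $Lines |
        ForEach-Object {
            # Parse one record; skip malformed lines rather than failing.
            $f = $_ -split "`t"
            if ($f.Count -ge 3) {
                [pscustomobject]@{ Time = $f[0]; Client = $f[1]; Query = $f[2] }
            }
        } |
        Where-Object { $_.Query -eq $Domain } |
        Group-Object Client |
        ForEach-Object {
            # One row per client: how often it asked and when it first did so.
            [pscustomobject]@{
                Client    = $_.Name
                Lookups   = $_.Count
                FirstSeen = ($_.Group | Sort-Object Time | Select-Object -First 1).Time
            }
        }
}

Find-KillSwitchLookups -Lines ($SampleLog -split "`r?`n") | Format-Table -AutoSize
```

Two caveats when reading the output. A lookup that resolved means the switch worked and that host stopped before encrypting, but it still ran the loader and should be patched first. And the check is a plain direct connection: on a network where that connection cannot reach the domain (for instance, hosts that can only get out through a proxy the worm does not use), the worm treats the switch as absent and carries on, which is one of the “few situations where the threat persists.”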

Why the worry about copycats?

WannaCry code is widely available. Anybody with a hex editor can change—or delete—the off switch. Making a clone is easy, although getting it started might not be.

Where did WannaCry come from?

Nobody knows who put it together since the code is largely copy-and-pasted from the Shadow Brokers leaked code—specifically the part called EternalBlue. It seems likely (and Microsoft just confirmed) that the Shadow Brokers code was stolen from the U.S. National Security Agency.

But it should also be mentioned that the launching of WannaCry closely matches the attack on SONY Pictures three years ago. North Korea was blamed for that attack, and they could well be the perpetrator again.

So the NSA is to blame?

Not really. They didn’t write the code; they only had it stored on their servers.

So Microsoft is to blame?

It’s not that simple. Microsoft had nothing to do with the theft or deployment of WannaCry. However, Microsoft is certainly responsible for releasing operating systems that are not secure. There are legal discussions about that going on already.

Can antivirus software stop WannaCry?

All of the AV vendors have been working overtime to get WannaCry detectors working, and many have created advanced defense systems. Even if your AV vendor says it covers WannaCry, you still have to get Windows patched. No exceptions. To date, nobody has been able to crack the encryption.

If my computer gets infected, will all of the drives get hit?

Yes. Even your file history drive, along with any other computer within your network. This applies to home networks as well.

So I should pay the ransom?

No. The idiot(s) who wrote WannaCry are handling all the decryption activity—the order fulfillment—by hand, according to @hackerfantastic. Even if you pay them, and thus encourage them and others to do it again, there’s a very good chance you won’t receive a response.

They made a killing off this, right?

As of Monday morning, the three hard-coded bitcoin wallets have accumulated about $60,000. You can see the latest results for yourself: wallet 1, wallet 2 and wallet 3. No bitcoins have been pulled out of the wallets, as of this moment, so the author(s) haven’t spent any of it.

We were lucky it was “just” ransomware, yes?

No. We don’t have the slightest idea if WannaCry installed backdoors, or if there is some other unforeseen consequence to all of this, according to Dan Goodin at Ars Technica.

Is this a good reason to turn on Automatic Updates?

No. It’s a good reason to apply updates periodically. Microsoft released the patch (MS17-010) 60 days before WannaCry appeared. If you applied patches at any point during those 60 days, you were covered.

Is the stockpiling of vulnerabilities by government agencies a problem?

Brad Smith, Microsoft’s head lawyer, thinks so. According to Smith:

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. … We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. … We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks.”

You should read the rest of his call to arms. He’s right.

Be Safe – Back Up Your Data Regularly!

**********

And don’t forget to take advantage of our FREE subscription to the TechViews.org Newsletter. A must-read if you are interested in Internet Security.
