The WannaCry ransomware attack disrupted the whole world, reaching 150 countries and infecting 300,000 systems. WannaCry hit hospitals, organizations, universities, businesses and government agencies, locked their data and demanded a $300 ransom to restore access.
The world’s biggest cyberattack has, at last, been curtailed. Marcus Hutchins, a cyber security researcher, stumbled across the solution while investigating the WannaCry outbreak that had hit 48 NHS hospitals across Britain: he accidentally triggered a “kill switch” in WannaCry and became an “accidental hero” overnight.
How Did an Accidental Hero Temporarily Stop the Spread of WannaCry?
Marcus Hutchins became interested in the spread of the WannaCry ransomware because NHS staff are widely believed not to open phishing emails, which suggested the attackers were using a different approach. He obtained a sample of the WannaCry malware from a friend and fellow researcher, ran it in his analysis environment, and observed that it queried a gibberish domain that was not registered. Using Cisco Umbrella, Hutchins then analyzed the volume of DNS queries to that unregistered domain.
To reach the ransom page, Hutchins ran the sample in his virtual environment; after encrypting the decoy files he had provided, the malware began connecting to random IP addresses over SMB. He then registered the domain in order to track the malware further, but the malware killed itself instead: the domain now resolved to his sinkhole server, and every infected system that queried it received the same answer.
Initially, Hutchins didn’t realize that he had halted the spread of WannaCry with a mere $10 investment to register the queried domain. He tweeted his finding under the name “MalwareTechBlog”. By fortuitously activating a “kill switch”, Marcus Hutchins became an accidental hero.
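As an added illustration (not part of the original article), the following Python models the kill-switch check described above and shows how a defender could triage a DNS resolver log for hosts that looked up the kill-switch domain. The domain name, sinkhole address, host addresses and log lines are constructed placeholders; the article does not give the real domain.

```python
"""Added example, not code from the original article: a model of the DNS-based
kill switch described above, plus a defender's triage of DNS logs for hosts that
queried the kill-switch domain.  The domain name, sinkhole address, hostnames and
log lines are all constructed placeholders (the real domain is not given here)."""

# Placeholder standing in for the unregistered domain the sample queried.
KILL_SWITCH_DOMAIN = "killswitch-domain-placeholder.example"
# Constructed sinkhole address (TEST-NET range), answered once the domain was registered.
SINKHOLE_IP = "192.0.2.10"


def malware_would_proceed(resolver, domain=KILL_SWITCH_DOMAIN):
    """The check the article describes: the sample queried the domain and only
    carried on when the lookup failed.  `resolver` returns an IP string or None."""
    return resolver(domain) is None


def unregistered_resolver(domain):
    """Resolver as it looked before the domain was registered: the lookup fails."""
    return None


def sinkhole_resolver(domain):
    """Resolver as it looks after registration: the domain answers with the sinkhole."""
    return SINKHOLE_IP if domain == KILL_SWITCH_DOMAIN else None


# Constructed DNS resolver log: timestamp, client, queried name, answer.
DNS_LOG = """\
2017-05-12T10:01:03Z 10.0.5.17 killswitch-domain-placeholder.example NXDOMAIN
2017-05-12T10:01:09Z 10.0.5.17 updates.example.com 198.51.100.5
2017-05-12T10:03:44Z 10.0.7.21 killswitch-domain-placeholder.example NXDOMAIN
2017-05-12T16:20:02Z 10.0.9.40 killswitch-domain-placeholder.example 192.0.2.10
2017-05-12T16:25:30Z 10.0.9.40 killswitch-domain-placeholder.example 192.0.2.10
2017-05-12T16:31:11Z 10.0.7.21 killswitch-domain-placeholder.example 192.0.2.10
"""


def parse_dns_line(line):
    ts, client, qname, answer = line.split()
    return ts, client, qname.lower().rstrip("."), answer


def triage_dns_log(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client: {"first_seen", "status", "lookups"}} for every client that
    queried the kill-switch domain.

    NXDOMAIN -> "proceeded": the check passed, so the sample would have gone on to
                encrypt and spread; contain the host and restore from backup.
    resolved -> "halted":    the sinkhole answered and the sample stopped, but the
                host still executed the malware and is unpatched; investigate and patch.
    A host seen with both keeps the worse status."""
    findings = {}
    for line in log_text.strip().splitlines():
        ts, client, qname, answer = parse_dns_line(line)
        if qname != domain.lower():
            continue
        status = "proceeded" if answer == "NXDOMAIN" else "halted"
        entry = findings.setdefault(client, {"first_seen": ts, "status": status, "lookups": 0})
        entry["lookups"] += 1
        if status == "proceeded":
            entry["status"] = "proceeded"
    return findings


def priority_order(findings):
    """Hosts whose sample proceeded come first, then halted ones, oldest first
    (ISO-8601 timestamps sort chronologically as strings)."""
    rank = {"proceeded": 0, "halted": 1}
    return sorted(findings, key=lambda c: (rank[findings[c]["status"]], findings[c]["first_seen"]))


if __name__ == "__main__":
    print("before registration, sample proceeds:", malware_would_proceed(unregistered_resolver))
    print("after registration, sample proceeds: ", malware_would_proceed(sinkhole_resolver))
    findings = triage_dns_log(DNS_LOG)
    for client in priority_order(findings):
        print(client, findings[client])
```

Run it directly to print the triage. The split between "proceeded" and "halted" matters: a successful lookup only stopped the sample on that run, so a halted host still executed the malware, is still unpatched, and remains exposed to a variant that uses a different domain.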
It’s a Temporary Halt; WannaCry Will Return One Way or Another:
The “kill switch” that was discovered only temporarily halted the spread of WannaCry; it could not help any of the systems that were already infected. Organizations, businesses and individuals whose systems were infected are left with no option other than the backups they took before the attack; paying the ransom to regain access to the locked data is not an option at all.
Many security researchers have reported further versions of WannaCry. They emphasize that these versions either use different kill-switch domains or have no kill-switch function at all, and that they are targeting unpatched computer systems globally. To avoid becoming a victim, patch your Windows PCs to the latest level so that they are protected against SMB exploits.
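Variants without a kill switch cannot be caught by watching for the domain lookup, so a defender has to look at behaviour instead. The following Python, added here as an example and not taken from the article, flags a host that opens SMB connections to many distinct addresses within a short window, which is what the random SMB connections described above look like in a firewall log. The log lines, addresses, thresholds and timestamps are constructed.

```python
"""Added example, not code from the original article: behavioural detection of the
SMB spreading described above, for variants that carry no kill switch and so cannot
be spotted by a DNS lookup.  A host that opens connections to many distinct
destinations on TCP/445 within a short window is flagged.  The connection log lines,
addresses and timestamps are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445


def _scanner_lines():
    # Constructed: one host reaching for twelve different Internet addresses on 445
    # within twelve seconds, as seen from a perimeter firewall that denies them.
    return [f"2017-05-13T09:00:{i:02d}Z 10.0.5.17 198.51.100.{i + 1} 445 DENY" for i in range(12)]


def _benign_lines():
    # Constructed: a workstation talking to its usual file server, plus HTTPS noise.
    lines = [f"2017-05-13T09:00:{i * 10:02d}Z 10.0.8.2 10.0.8.5 445 ALLOW" for i in range(5)]
    lines.append("2017-05-13T09:00:30Z 10.0.8.2 203.0.113.7 443 ALLOW")
    return lines


# Constructed connection log: timestamp, source, destination, destination port, action.
CONN_LOG = "\n".join(_scanner_lines() + _benign_lines()) + "\n"


def parse_conn_line(line):
    ts, src, dst, dport, action = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(dport), action


def detect_smb_fanout(log_text, window_seconds=60, min_distinct_dsts=10):
    """Return {source: peak number of distinct TCP/445 destinations seen within any
    `window_seconds` window} for every source that reaches `min_distinct_dsts`.
    Both allowed and denied connections count: a denied attempt still shows intent."""
    events = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, dst, dport, _action = parse_conn_line(line)
        if dport == SMB_PORT:
            events[src].append((ts, dst))

    alerts = {}
    span = timedelta(seconds=window_seconds)
    for src, conns in events.items():
        conns.sort()                      # chronological order per source
        window = deque()                  # sliding window of (timestamp, destination)
        for ts, dst in conns:
            window.append((ts, dst))
            while ts - window[0][0] > span:
                window.popleft()          # drop connections older than the window
            distinct = len({d for _, d in window})
            if distinct >= min_distinct_dsts:
                alerts[src] = max(distinct, alerts.get(src, 0))
    return alerts


if __name__ == "__main__":
    for src, peak in detect_smb_fanout(CONN_LOG).items():
        print(f"ALERT {src}: {peak} distinct SMB targets inside 60s; isolate and check patch level")
```

The thresholds are deliberately conservative defaults: a workstation normally talks to a handful of file servers, so a dozen distinct SMB peers in a minute is a strong signal regardless of whether the connections were allowed or denied. Tune `window_seconds` and `min_distinct_dsts` to the environment, and treat a flagged host as unpatched until proven otherwise.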
Here are a few security guidelines for protecting against cyberattacks like the WannaCry ransomware:
- Back up important data frequently. Always keep multiple backups: one on an external drive and another in the cloud.
- Make sure the external backup drive is not permanently connected to the system; store it offline.
- Make sure the external drive is password-protected and encrypted to guard against data theft.
- If you use a cloud backup solution such as Dropbox or Google Drive, make sure the cloud application does not sync automatically; perform the sync manually whenever required.
- Don’t save credentials in the cloud application; always log in manually.
- Don’t let the cloud application start automatically with Windows. Open it manually whenever required.
System Security Guidelines:
- Always make sure that only a genuine operating system and genuine software are installed, and keep them up to date with the latest updates and patches. Don’t use pirated software; it may be packed with Trojans or other malware.
- Always log in to Windows with a standard account that has limited privileges; don’t run or use the administrator account directly.
- Make sure Windows Firewall is enabled and working. Equip your system with a paid antivirus/antimalware solution, keep it updated, and always perform regular virus scans.
- Turn off macros and ActiveX in Microsoft Office files such as Word, Excel and PowerPoint.
- Don’t download and install unnecessary or untrusted applications from untrusted sources. Disable or block unnecessary services and applications and remove them from Windows startup.
- Disable AutoRun for USB devices on Windows systems. Don’t connect unknown or untrusted devices to the system, and always run a virus scan on any external device connected to the system before accessing the data on it.
Browser Security Guidelines:
- Always use a mainstream browser, kept at the latest version.
- Browse only trusted websites that use HTTPS. Don’t browse untrusted or unknown websites.
- Disable automatic saving of credentials or other sensitive information while browsing.
- Be cautious of malicious emails and links. Use anti-spam protection to block spam and phishing emails.
- Don’t use or install unnecessary or untrusted plugins or toolbars. Remove outdated plugins and add-ons from browsers and always update the remaining plugins to the latest version.
- Remove or disable plugins such as Adobe Flash, Adobe Reader, Java and Silverlight. If they are required, configure the browser to ask for permission before activating them.
- Customize the browser’s security and privacy settings for optimal protection.
- Use an ad-blocker to prevent attacks delivered through malicious sites and ads.