That a hacker can have control over your data on your computer and can even demand ransom for it has become a horrifying reality with the WannaCry ransomware attack that was discovered on Friday.
So, what is WannaCry?
WannaCry is a ransomware program targeting Microsoft's Windows operating system that has reportedly impacted over 10,000 organisations and 2,00,000 individuals in 150 countries.
Ransomware is a program that can get into your computer and, if you click on unknown documents or programs, keep you from using or accessing your data until you make a payment to the hackers.
The WannaCry program encrypts your files and demands payment in bitcoin before you can regain access.
WannaCry is not just a ransomware program; it's also a worm. This means that it gets into your computer and looks for other computers to try and spread itself as far and wide as possible.
Ransomware also mutates over time, finding different ways to access computers. WannaCry exploited a vulnerability in the Windows operating system, with the hackers likely using a piece of NSA code released last month.
How to prevent an attack
The Computer Emergency Response Team of India (CERT-In) has issued a red alert about the ransomware.
According to the Hindustan Times, experts said India is vulnerable as a large number of computers in the country run Microsoft's older operating systems like XP, and have not been updated yet. The CERT-In has advised users and organisations to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.
It added that WannaCry was targeting common file extensions such as ppt, doc, and tiff, along with media files such as MP4 and MKV files.
"The first step to do is to not open any attachment with the extension '.exe' or '.js' since prevention is better than cure. To add on to that, never open any email, leave one attachment from any unknown and untrusted sender," Rizwan Shaikh, Founder of Pristine InfoSolutions, a Cyber Security company in Mumbai, said.
CERT has also drawn up a list of measures to prevent ransomware attacks, such as performing regular backups of all critical information to limit the impact of data or system loss, not opening attachments in unsolicited e-mails, even if they come from people in your contact list, and never clicking on a URL contained in an unsolicited e-mail, even if the link seems benign.
"Another way to prevent these attacks is to disable the '.fmb' service in the computer. This is a service which is present in the computer and can make the system more vulnerable to these attacks. For the computers which have been affected by the malware, and they do not want to pay the ransom in bitcoins, they simply should delete all the data and start again. There is no other way to get out of it. There are applications which can detect the ransomware but there is no technology as yet which can give the data back," Rizwan adds.
The CERT-In has advised maintaining updated antivirus software on all systems, following safe practices when browsing the web, disabling remote desktop connections and enabling personal firewalls on workstations, among others.
"The first thing to do to protect all the data is to frequently back up all the data on the computer system depending on how much work you do. That data should be stored offline on a hard disk. Even cloud backups are not recommended when it comes to these ransomware," Mukesh Choudhary, a Cyber Security Expert from Hicube Infosec Pvt Ltd, said.
Cyber security experts are imploring users to not click on attachments received from unknown persons.
"If you receive an email from an unknown person or source with an attachment and you want to open it, use a system with a separate internet connection. This is because if one computer (which, along with 50 other computers, is part of the same internet connection) gets infected by the ransomware, all the other computers could get infected and all the data could be lost," Mukesh said.
India is also vulnerable because of the widespread use of pirated software.
"Do not use any pirated software in the computer. This messes up with the security system in the computer and makes it vulnerable to attacks," Mukesh says.
The CERT-In has also advised individuals or organisations against paying any ransom as there is no evidence of this guaranteeing that their files will be released. Instead it has asked anyone affected by the attack to report such instances to CERT-In and law enforcement agencies.