What is 'WannaCry' and How does this Ransomware Work?

Companies and institutions in at least 74 countries, including Telefonica, suffered a massive cyber attack yesterday involving malicious software known as ransomware, specifically the program popularly called WannaCry.

According to experts, many companies face this type of malware countless times a year. In most cases the attackers demand a payment to remove it.

What is Ransomware?

Ransomware is a type of malware that limits or prevents users from accessing their own system. In most cases it encrypts the user's files or locks the system's screen until a ransom is paid.

Modern ransomware families are collectively categorized as crypto-ransomware: they encrypt certain file types on infected systems and force users to pay a ransom to obtain the decryption key. The payment is mostly demanded in bitcoins.

How can you be Infected?

In the simplest way possible: the malware is camouflaged in a file that the user may find interesting. It is enough for an employee to receive an infected email and open it, which is the most common method.

You may also be infected by browsing pages with a bad reputation, or even just by clicking a link of unknown origin.

You may even be infected through a fake system update. Once the malware compromises a computer, it spreads to other systems connected to the same network. When it takes hold of the system, a message appears with the cybercriminal's demands.

Why Could Antivirus Not Protect Telefonica From This Attack?

One simple explanation is that antivirus products are programmed to eradicate known viruses. In most cases, antivirus software cannot even detect malware whose encryption differs from the known variants.

This particular malware seems to have taken advantage of a Windows SMB vulnerability to enter the host. Here is the article published by Microsoft on how to disable this feature on your computers, as it is enabled by default.
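As an added example (not from the original article or from Microsoft's page), the following PowerShell script audits a Windows host for SMBv1 and disables both the server and client sides the way Microsoft's guidance describes. It assumes a Windows 10 host (where the SmbShare module and the SMB1Protocol optional feature exist) and an elevated prompt.

```powershell
# Added example: audit and disable SMBv1 on a Windows host.
# Assumes Windows 10 and an elevated (administrator) prompt.
#Requires -RunAsAdministrator

function Get-Smb1Status {
    # Report whether the SMB server still accepts SMBv1 and whether the
    # optional feature that ships the SMBv1 driver is still installed.
    $server  = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    [pscustomobject]@{
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb1FeatureState  = [string]$feature.State   # Enabled, Disabled or DisablePending
    }
}

function Disable-Smb1 {
    # 1. Stop the SMB server from speaking SMBv1 (takes effect immediately).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # 2. Uninstall the SMBv1 feature so the driver is no longer loaded at all
    #    (completed on the next reboot).
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null

    # 3. Disable the SMBv1 client so this host never falls back to SMBv1 when
    #    connecting to a legacy server (service settings from Microsoft's guidance).
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

$before = Get-Smb1Status
Write-Host ("Before: SMBv1 server enabled = {0}, feature = {1}" -f $before.Smb1ServerEnabled, $before.Smb1FeatureState)

if ($before.Smb1ServerEnabled -or $before.Smb1FeatureState -eq 'Enabled') {
    Disable-Smb1
    $after = Get-Smb1Status
    Write-Host ("After:  SMBv1 server enabled = {0}, feature = {1}" -f $after.Smb1ServerEnabled, $after.Smb1FeatureState)
    Write-Host "Reboot to finish removing the SMB1Protocol feature."
} else {
    Write-Host "SMBv1 is already disabled on this host; nothing to do."
}
```

Run Get-Smb1Status again after the reboot to confirm the feature reports Disabled; hosts that still need SMBv1 for a legacy device should be inventoried and isolated rather than left with it enabled.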

Can you delete the files?

Once the cybercriminals take over the host, they can do (almost) whatever they want. The usual procedure for this malware is to lock the files so that they cannot be recovered unless the decryption key is found.

You can only get that decryption key once the demanded amount is paid to the attacker in bitcoins. There is no specific way to find the decryption key, as it is hard-coded rather than randomly generated.

Why Only in Bitcoins?

It is a virtual currency not regulated by any central institution, and its transactions are anonymous, performed with secret keys.

This makes bitcoin a perfect medium of exchange for this type of illegal activity.

Do Not Pay The Ransom:

Most security experts recommend not paying the ransom: not only because there is no guarantee of recovering the information, but also because paying encourages the practice. It also makes the user a more likely target for such attacks again.

Back up your files Regularly:

Security vendors such as Avast offer free tools to remove any kind of 'ransomware'. However, this type of malware can block any defensive action, and then the only alternative is to format the hard drive.

In that case, the computer returns to a normal state, although you will need a backup to recover your contents.

You can set up your system for periodic backups, or you can use online services such as iCloud and Dropbox to access your information at any time.

Keep your antivirus and operating system up to date:

The British telecommunications company BT recommends keeping security updates up to date. They fix vulnerabilities and contain files that can prevent many viruses from infecting the device.

It is also possible to download specialized 'antimalware' programs that slow down attacks and prevent them from spreading.

