WANNACRY: ARE YOU SAFE?

We have seen the start of the WannaCry encryption Trojan infection, and it appears to be a global pandemic. We have counted 45,000 attacks in a single day, but the actual number is much higher.

What Happened?

A large number of entities have simultaneously reported an infection. Among them, there were British hospitals that had to suspend their operations. According to data provided by third parties, WannaCry has infected more than 100,000 computers. This number of infections is part of the reason it has attracted so much attention.

The largest number of attacks was in Russia, but Ukraine, India and Taiwan have also suffered damage. During the first day of the attack, we discovered that WannaCry was in 74 countries. Although the attack has received a great deal of media coverage in Spain, it has not been one of the most affected countries.

What Is WannaCry?

Overall, WannaCry comes in two pieces. The first is an exploit that takes care of infection and spread. The second is an encryptor that is downloaded to a computer after being infected.

The first piece is the big difference between WannaCry and most encryptors. To infect a computer with a normal encryptor, the user must make a mistake, such as clicking a suspicious link, allowing Word to run malicious macros, or downloading a malicious email attachment. A system can be infected with WannaCry without the user doing anything.

WannaCry: Exploit and Spread

The creators of WannaCry have taken advantage of a Windows exploit known as EternalBlue, which targets a vulnerability that Microsoft patched with the MS17-010 security update. Through the exploit, the bad guys were able to gain remote access to computers and install the encryptor.

If you have installed the update, this vulnerability does not affect you, and attempts to hack your computer remotely using it will fail. However, researchers would like to emphasize that patching the vulnerability will not completely stop the encryptor. If you run it in some other way (that is, if you make a mistake), the patch will not do you any good.

After successfully hacking a computer, WannaCry tries to distribute itself throughout the local network to other computers in the same way that a worm would. The encryptor looks for the EternalBlue vulnerability on other computers, and when WannaCry finds a vulnerable device, it attacks it and encrypts its files.

Therefore, by infecting one computer, WannaCry can infect an entire local network and encrypt all the computers on it. For this reason, large companies have suffered the most from the WannaCry attack (the more computers on the network, the greater the damage may be).
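The worm-like spread described above shows up in network flow records as one internal host contacting many other internal hosts in a short time. The following detection sketch is an added example, not part of the original article; it assumes SMB on TCP port 445 (the service EternalBlue targets), a hypothetical CSV flow format, assumed thresholds, and constructed sample records.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                 # EternalBlue targets SMB; the port is not stated in the article
WINDOW = timedelta(minutes=5)  # assumed sliding window
FANOUT_THRESHOLD = 4           # assumed: distinct internal peers before alerting

# Constructed sample flow records (hypothetical format: time,src,dst,dst_port)
SAMPLE_FLOWS = """\
2017-05-12T09:00:01,10.0.0.23,10.0.0.5,445
2017-05-12T09:00:02,10.0.0.24,10.0.0.5,445
2017-05-12T09:01:10,10.0.0.40,10.0.0.41,445
2017-05-12T09:01:11,10.0.0.40,10.0.0.42,445
2017-05-12T09:01:11,10.0.0.40,10.0.0.43,445
2017-05-12T09:01:12,10.0.0.40,10.0.0.44,445
2017-05-12T09:01:13,10.0.0.40,10.0.0.45,445
2017-05-12T09:01:14,10.0.0.40,10.0.0.5,443
2017-05-12T09:10:00,10.0.0.23,10.0.0.6,445
2017-05-12T10:30:00,10.0.0.23,10.0.0.7,445
2017-05-12T12:00:00,10.0.0.23,10.0.0.8,445
"""

def find_smb_fanout(flow_csv, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Map each internal source to its peak count of distinct internal SMB
    destinations inside any sliding window, keeping only sources >= threshold."""
    per_src = defaultdict(list)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 4 or row[3] != str(SMB_PORT):
            continue  # skip malformed rows and non-SMB traffic
        ts, src, dst, _port = row
        if not (ipaddress.ip_address(src).is_private
                and ipaddress.ip_address(dst).is_private):
            continue  # only internal-to-internal flows matter for LAN spread
        per_src[src].append((datetime.fromisoformat(ts), dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # shrink the window from the left until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            alerts[src] = best
    return alerts
```

On the sample data only 10.0.0.40 is flagged: 10.0.0.23 also reaches four SMB peers, but spread over hours, which is why the window matters.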

WannaCry: Encryptor

As an encryptor, WannaCry (sometimes called WCrypt or, for no apparent reason, WannaCry Decryptor) behaves like any other encryptor: it encrypts files on a computer and asks for a ransom to decrypt them. It looks a lot like a variation of the infamous CryptXXX.

WannaCry encrypts different types of files (this is the complete list) including Office documents, images, videos and other types of files that may contain important information for the user. The extensions of the encrypted files are renamed to WCRY and the file becomes completely inaccessible.

After this, the Trojan changes the wallpaper with an image that contains the information about the infection and the actions that the user is supposed to take to recover the files. WannaCry leaves notifications in text file format with the same information in all folders on the computer to ensure that the user receives the message.

As usual, one of the actions was to transfer a certain amount of money, in bitcoins, to the criminals. After that, they say they will decrypt all the files. The cybercriminals initially asked for $300, but then raised the ransom to $600.

In this case, the bad guys also try to intimidate the victims by claiming that the ransom amount increases after three days and, what's more, saying that after seven days it is impossible to decrypt the files.

As always, we do not recommend paying the ransom. Perhaps the most persuasive reason not to do so is that there is no guarantee that criminals will decrypt your files after receiving payment. In fact, researchers have shown on other occasions that cyber extortionists simply deleted users' files.

How Domain Registration Stopped the Infection (But It's Probably Not Finished Yet)

A researcher named Malwaretech was able to stop the infection by registering a domain with a long, meaningless name.

Apparently some versions of WannaCry targeted that domain, and if they didn't get a positive response, they installed the encryptor and started their dirty work. If there was a response (that is, if the domain had been registered), the malware stopped its activity.

After finding the reference to this domain in the Trojan's code, the researcher registered the domain and called off the attack. For the rest of the day, the domain had thousands of requests, which means that thousands of computers were saved.

There is a theory that this functionality was built into WannaCry (like a circuit breaker) in case something went wrong. Another theory, supported by the researcher himself, says that it is a way to complicate the analysis of the behavior of malware. The testing environments used in investigations are designed so that any domain returns a positive response; in those cases, the Trojan would do nothing because it is inside such an environment.

Unfortunately, in new versions of the Trojan, all the criminals will have to do is change the domain name indicated as "circuit breaker" and the infections will continue. So it's very likely that the WannaCry outbreak will continue.
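Because the Trojan looks up the "circuit breaker" domain when it runs, resolver logs reveal which machines executed it and whether the check was answered. The following triage sketch is an added example, not part of the original article; the domain is a placeholder (the article does not give it), the log format is hypothetical, the sample lines are constructed, and a successful DNS answer is used as an approximation of the "positive response" described above.

```python
from collections import defaultdict

# Placeholder: the article does not name the domain; use the value from your threat intel.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log lines (hypothetical format: time client qname rcode)
SAMPLE_DNS_LOG = """\
2017-05-12T09:01:09 10.0.0.40 killswitch-placeholder.example. NXDOMAIN
2017-05-12T09:01:20 10.0.0.41 KillSwitch-Placeholder.example NXDOMAIN
2017-05-12T09:02:00 10.0.0.23 intranet.corp.example NOERROR
2017-05-12T15:30:00 10.0.0.52 killswitch-placeholder.example NOERROR
2017-05-12T15:31:00 10.0.0.41 killswitch-placeholder.example NOERROR
malformed line
"""

def triage_kill_switch_queries(log_text, domain=KILL_SWITCH_DOMAIN):
    """Group clients that looked up the kill-switch domain.

    encryptor_likely: at least one lookup got no positive answer, so that
                      run of the malware would have gone on to encrypt.
    halted:           every lookup resolved; the malware ran but should
                      have stopped. The host still needs cleaning.
    """
    domain = domain.lower().rstrip(".")
    outcomes = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore lines that do not match the assumed format
        _ts, client, qname, rcode = parts
        # DNS names are case-insensitive and may carry a trailing dot
        if qname.lower().rstrip(".") == domain:
            outcomes[client].append(rcode.upper() == "NOERROR")
    result = {"encryptor_likely": [], "halted": []}
    for client, answers in sorted(outcomes.items()):
        key = "halted" if all(answers) else "encryptor_likely"
        result[key].append(client)
    return result
```

Every client in either group ran the Trojan and should be isolated; the split only sets priority for checking which files need restoring.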

How to Defend Against WannaCry?

Unfortunately, there is still no way to decrypt the files that WannaCry has encrypted, but our researchers are working on it. For now, prevention is the only hope.

Here are some tips to prevent infection and minimize damage. Following them is essential to fight against any new variants of the malware that may appear.

Install security updates. All Windows users should install the MS17-010 patch. Microsoft has also released it for other systems that no longer receive official support, such as Windows XP or Windows 2003. Seriously, install it now; it's very important.

Create backups on a regular basis and save them on devices that are not constantly connected to your computer. If you have a recent copy, an infection from an encryptor is not a catastrophe; you can recover by spending a few hours reinstalling the operating system and applications, then restoring the files. If you are too busy to make copies, use our built-in feature in Total Security, which can automate the process.
