The “WannaCry” attack caused panic worldwide and differed from other ransomware because it did not encourage users to download and execute malware via phishing email.
Instead it exploits a flaw in the Server Message Block (SMB) in Microsoft Windows and spreads through vulnerability of remote code execution via network port 445.
The result is installation of a trojan in a computer, from which it searches for other computers on a network so it can exploit the Windows SMB vulnerability in order to replicate the virus. “WannaCry” was programmed with an auto execution date of May 12, 2017, which was when the ransomware attack took place worldwide.
Microsoft fixed the Windows SMB vulnerability via update patches on March 14, so users who complied escaped the attack. However, the virus is now mutating and “WannaCry” variants will continue to wreak havoc at an alarming rate. If your computer is infected, we suggest you do NOT pay any kind of ransom. Even if you do, hackers might not bother to decrypt files for you.
NETVIGATOR suggests the following precautionary measures:
- Back up your computer’s operating system and files to an external hard disk. Disconnect and keep the hard disk in a safe place after back up.
- Back up your computer’s operating system and files frequently.
- Connect your computers to the Internet via a broadband router that has a firewall function. Do not open network ports 139 or 445 on your router.
- Enable the Windows “Automatic Update” function and install updates immediately they become available.
- Make sure you have installed a reputable anti-virus software and update to the latest virus signature. Perform a full system scan to ensure your system has not been infected by any kind of virus.
Find out more about the “WannaCry” ransomware here: