A few days ago, a widespread outbreak of the WannaCry virus, which uses a Trojan program, began to threaten the whole world. It was called an epidemic because of its massive spread, which resulted in more than 45,000 cases in just one day. The actual figure is much larger than that.
Russia ranked first among the countries affected by the virus. Several other countries, such as Ukraine, India and Taiwan, have also suffered from it. In total, 74 countries were affected, all on the first day of the attack.
What is meant by WannaCry virus?
The WannaCry virus generally attacks in two stages. The first stage, exploiting vulnerabilities, aims to infiltrate and spread. The second stage is encryption, which is done by an encryption program that is downloaded to the computer after it has been infected.
This is the main difference between the WannaCry virus and most other encryption programs. For a common encryption program to infiltrate a computer, the user must make a mistake, such as clicking on a suspicious link, allowing Word to run a malicious macro, or downloading a suspicious attachment from an e-mail message. A system can be infected with WannaCry without any user error at all.
WannaCry virus: exploiting vulnerabilities and spreading
The creators of the WannaCry virus took advantage of the “EternalBlue” exploit, which targets a vulnerability that Microsoft addressed in security update MS17-010 on March 14 this year. By using this vulnerability, hackers could remotely access computers and install the encryption software.
If you have installed the update, the vulnerability no longer exists on your computer, and attempts to compromise it remotely through this vulnerability will fail.
After the WannaCry virus successfully penetrates a computer, it tries to spread over the LAN to other computers, just as a computer worm does. The software scans other computers for the same vulnerability that can be exploited with “EternalBlue”. When the WannaCry virus finds a vulnerable machine, it attacks it and encrypts the files on it.
The more computers on the LAN, the more damage it will cause.
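The LAN scanning described above leaves a recognizable trace in network flow logs: one host contacting many internal peers on the SMB port within a short time. The following detection sketch is an added example, not part of the original article; the flow-record format, the 60-second window, the threshold of 5 peers and the sample records are assumptions constructed for illustration, and TCP port 445 (SMB, the service covered by MS17-010) is not named in the article.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

SMB_PORT = 445                  # SMB port (assumption: not named in the article)
WINDOW = timedelta(seconds=60)  # assumed sliding detection window
THRESHOLD = 5                   # assumed: distinct LAN peers contacted per window

# Constructed sample flow records: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2017-05-15T10:00:01 10.0.0.5 10.0.0.10 445
2017-05-15T10:00:02 10.0.0.5 10.0.0.11 445
2017-05-15T10:00:03 10.0.0.5 10.0.0.12 445
2017-05-15T10:00:04 10.0.0.5 10.0.0.13 445
2017-05-15T10:00:05 10.0.0.5 10.0.0.14 445
2017-05-15T10:00:06 10.0.0.5 10.0.0.15 445
2017-05-15T10:00:10 10.0.0.7 10.0.0.2 445
2017-05-15T10:03:00 10.0.0.7 10.0.0.2 445
2017-05-15T10:06:00 10.0.0.7 10.0.0.2 445
2017-05-15T10:00:00 10.0.0.9 10.0.0.20 445
2017-05-15T10:02:30 10.0.0.9 10.0.0.21 445
2017-05-15T10:05:00 10.0.0.9 10.0.0.22 445
2017-05-15T10:07:30 10.0.0.9 10.0.0.23 445
2017-05-15T10:10:00 10.0.0.9 10.0.0.24 445
"""

def find_smb_scanners(text, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak count of distinct private SMB peers inside one window}."""
    events = defaultdict(list)
    for line in text.strip().splitlines():
        ts, src, dst, dport = line.split()
        # Only internal SMB traffic matters for worm-style lateral spread.
        if int(dport) == SMB_PORT and ip_address(dst).is_private:
            events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in evs[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_smb_scanners(SAMPLE_FLOWS))
```

In the constructed data, the workstation that repeatedly talks to a single file server and the host that reaches five peers slowly over ten minutes both stay below the threshold; tuning the window and threshold trades missed slow scans against false alarms from legitimate file servers and management tools.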
WannaCry Virus: Encryption Program
The WannaCry virus encrypts various types of files, which of course include office documents, images, sound clips, archives, and other file formats that may contain user-critical data. The file extensions are renamed to “WCRY” (the name of the encryptor) and the files become completely inaccessible.
The Trojan software then changes the desktop background to a picture that contains information about the infection and the actions the user must take to restore the files. The WannaCry virus also places notifications, in the form of text files containing the same information, in all folders on the computer to ensure that the user receives the message.
As always, all of this comes down to transferring a certain amount of Bitcoin to the bad guys' wallet. After that, the files may be decrypted.
How do I defend against the WannaCry virus?
Unfortunately, nothing can be done now to decrypt the files that WannaCry has encrypted (but our researchers are working to find a solution). This means that the only way to deal with the infection is to avoid being compromised in the first place.
Here are some tips on how to prevent infection and minimize damage:
- If you already have a Kaspersky Lab security solution installed on your system, we recommend that you do the following: start a manual scan of critical areas, and if the security solution detects a malicious program such as MEM:Trojan.Win64.EquationDrug.gen, restart your system.
- If you are an existing client, keep the System Watcher module on; it is necessary to combat new variants of the virus that may appear.
In addition:
- Make backup copies of files regularly and store the copies on storage devices that are not always connected to your computer. If you have a recent backup, the virus will not be a disaster, although reinstalling the system will cost many hours. If you do not want to create backups yourself, you can take advantage of the Kaspersky Total Security backup service, which can automate this process.
- Use a trusted antivirus program. Kaspersky Internet Security can detect the WannaCry virus both when it tries to break into the device and when it tries to spread over networks. In addition, the integrated System Watcher can roll back all unwanted changes.