A widespread ransomware attack which is affecting several IT organizations in multiple countries. This ransomware attack called Wanna (also known as WannaCry, WCry, WanaCrypt, WanaCrypt0r and Wana DeCrypt0r) is encrypting files and changing the extensions to: .wnry, .wcry, .wncry and .wncrypt. The malware then presents a window to the user with a ransom demand.
To help keep your devices safe against ransomware attacks, such as Petya, back up your data regularly. Make sure automatic updates are turned on, and your devices are up to date.
In Windows 10, go to Settings > Update & Security. You’ll see your update status there.
In Windows 8.1, go to Settings > Change PC Settings > Update and recovery.
In Windows 7, go to Control Panel > Windows Update.
If your update status says that your device is up to date, then you’re all set. Otherwise, Microsoft recommends you immediately install Microsoft Security Bulletin MS17-010.
Ransomware is computer malware that restricts access—or even stops you from using your PC—or encrypts your files. It then tries to force you into paying money (a ransom) to regain access to them.
Some of the ways you can get infected by ransomware include:
Visiting unsafe, suspicious, or fake websites.
Opening emails and email attachments that you weren’t expecting or from people you don’t know.
Opening malicious or bad links in emails, Facebook, Twitter, and other social media posts, or in instant messenger chats, like Skype.
You can often recognize a fake email and webpage because they have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
Ransomware can target any PC—whether it’s a home computer, PCs on an enterprise network, or servers used by a government agency.
How can I help keep my PC secure?
Applying the Microsoft patches MS17-010 should be enough to protect against the EternalBlue Exploit. It enables to protect the system from the rapid spread of the Wanna ransomware attack. Microsoft and others are advising that customers should consider blocking legacy protocols on their networks. Particularly SMBv1 as an additional defense-in-depth strategy to further protect against attacks.
The Wanna malware variants that we have seen include a lookup to a URL. If the malware gets a response, the attack stops. This has been described in some media reports as a “kill switch”. The domain for the URL was registered and activated by an independent malware analyst intending to track the malware. Means that if current variants of the ransomware can reach the URL the attack would stop.
You can also use antivirus solution like Sophos Intercept X,which provides security for latest crypto attacks and viruses.