It’s the weekend’s IT news: a ransomware called Wanna Cry caused a global cyber attack, infecting more than 500,000 computers, both private and corporate. Well-known organizations such as Renault, a telephone operator in Spain and the Russian Ministry of the Interior, as well as banks, universities, cash dispensers, an airport and hospitals, have been affected, with computer networks disabled and production halted as a result (the Renault production lines in Sandouville and Batilly had to be stopped).
Vodafone, FedEx and the National Health Service were also affected.
Ransomware (ransom software) demands that you pay a fee to unlock the files stored on your computer and network. And paying does not necessarily mean you will get your files back…
How the virus is caught
This kind of malware usually infects a computer through an email with an attachment. The sender of the message may be an unknown person or appear under the name of a relative whose identity has been misused. Often the mail looks like phishing and can mimic an email from a bank, EDF or a telephone operator.
Attached is a (fake) invoice or scanned (fake) document that contains a “virus” (virus is in quotation marks because it is not strictly speaking a virus and the antivirus software will not be able to do anything about it). You open the fake invoice, in Word format for example (no company sends an invoice in Word format) and a message asks you to authorize macros. One click on “yes” and the disaster begins.
If you have only one computer at home, you will at worst lose the files stored on it, but also those stored on any hard disks and USB keys that are connected at the time. There is no risk for the USB key lying in a drawer, of course. All your documents, photos, music… will be locked with a password. It is worse for those who have several Windows computers on the network. And what about companies with thousands of workstations!
You will be asked to pay to retrieve the files in question… but be careful, because paying does not guarantee that you will get your documents back! Expect the hackers to have fun asking for a second ransom, since the sucker (you) has already paid once…
Features of WannaCry
We can call it a virus since it spreads and harms the computer, but antivirus software will not be able to do anything about it.
WannaCry has several names: WannaCrypt, WanaCrypt0r, WCrypt or WCry.
WCry affects Windows computers only (not Linux or Mac), and only the older versions, not Windows 10. The versions concerned are therefore Windows XP, Vista, 7, 8 and 8.1, as well as Windows Server 2003 / R2, 2008 / R2 and 2012 / R2 (not 2016).
Windows 10 users, you are not at risk from this ransomware, but the following tips should still be followed to avoid being infected by another threat.
The ransomware will encrypt the computer's files with a password that is impossible to guess or crack (RSA-2048 and AES-128-ECB keys).
The files that will be locked have the following extensions: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pst, .ost, .msg, .eml, .vsd, .vsdx, .txt, .csv, .rtf, .123, .wks, .wk1, .pdf, .dwg, .onetoc2, .snt, .jpeg, .jpg, .docb, .docm, .dot, .dotm, .dotx, .xlsm, .xlsb, .xlw, .xlt, .xlm, .xlc, .xltx, .xltm, .pptm, .pot, .pps, .ppsm, .ppsx, .ppam, .potx, .potm, .edb, .hwp, .602, .sxi, .sti, .sldx, .sldm, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .bz2, .tbk, .bak, .tar, .tgz, .gz, .7z, .rar, .zip, .backup, .iso, .vcd, .bmp, .png, .gif, .raw, .cgm, .tif, .tiff, .nef, .psd, .ai, .svg, .djvu, .m4u, .m3u, .mid, .wma, .flv, .3g2, .mkv, .3gp, .mp4, .mov, .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .sh, .class, .jar, .java, .rb, .asp, .php, .jsp, .brd, .sch, .dch, .dip, .pl, .vb, .vbs, .ps1, .bat, .cmd, .js, .asm, .h, .pas, .cpp, .c, .cs, .suo, .sln, .ldf, .mdf, .ibd, .myi, .myd, .frm, .odb, .dbf, .db, .mdb, .accdb, .sql, .sqlitedb, .sqlite3, .asc, .lay6, .lay, .mml, .sxm, .otg, .odg, .uop, .std, .sxd, .otp, .odp, .wb2, .slk, .dif, .stc, .sxc, .ots, .ods, .3dm, .max, .3ds, .uot, .stw, .sxw, .ott, .odt, .pem, .p12, .csr, .crt, .key, .pfx, .der
So there is a bit of everything: Office documents (Word, Excel), videos (MP4, AVI), music files (MP3, WAV), databases (SQL, MDB), virtual machines (VMX, VMDK), images and photos (JPEG, PNG)… In short, catching such a nasty thing is like losing everything in your digital life.
If your Windows PC installs the automatic system updates on its own, there is no need to worry. Check your updates anyway so that you run no risk from WannaCry.
Where does WannaCry come from?
It’s pretty funny. The NSA (intelligence and surveillance services in the United States) had found a flaw in Windows operating systems. Instead of informing Microsoft, they used this security hole to monitor computers around the world. One day, the Shadow Brokers team found and publicly disseminated the tools used by the NSA to keep an eye on everyone. Microsoft responded by issuing a security update in March 2017.
But since Friday, May 12, 2017, a new threat has been using this vulnerability to infect hundreds of thousands of computers.
How is the Wanna Cry ransomware displayed?
The WannaCry ransomware is displayed as a red screen with a countdown and a demand to pay the hackers (with no guarantee of getting your files back).
How to protect yourself from WannaCry ransomware
- Install the latest Windows system updates
- Install the latest updates of the antivirus software
- Install the latest software versions (Office, Acrobat Reader, VLC …)
And above all make regular and disconnected backups (hard disk stored in a drawer, for example, because a NAS always connected to the network will also be contaminated).
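To put the backup advice above into practice, this added example (not part of the original article) compares a folder with its backup copy and lists the files of the targeted types that are missing from the backup or have changed since it was made. The folder names, the sample files and the shortened extension set are assumptions chosen for illustration.

```python
import os
import tempfile
from pathlib import Path

# Shortened subset of the extension list given earlier; extend it as needed.
AT_RISK = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".jpeg", ".png",
           ".zip", ".sql", ".mdb", ".mp3", ".mp4"}


def backup_gaps(source, backup, extensions=AT_RISK):
    """Return {relative_path: reason} for at-risk files not safely backed up.

    reason is "missing" when the backup holds no copy, and "stale" when the
    original was modified after the backup copy was written.
    """
    source, backup = Path(source), Path(backup)
    gaps = {}
    for path in source.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in extensions:
            continue  # directories and file types outside the list
        rel = path.relative_to(source)
        copy = backup / rel
        if not copy.is_file():
            gaps[rel.as_posix()] = "missing"
        elif path.stat().st_mtime > copy.stat().st_mtime:
            gaps[rel.as_posix()] = "stale"
    return gaps


def demo():
    """Audit a constructed folder pair (hypothetical names and files)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "Documents"), Path(tmp, "usb_backup")
        (src / "photos").mkdir(parents=True)
        (bak / "photos").mkdir(parents=True)
        for name in ("invoice.DOCX", "budget.xlsx", "photos/beach.jpg", "notes.tmp"):
            (src / name).write_text("constructed sample")
        (bak / "budget.xlsx").write_text("constructed sample")
        (bak / "photos/beach.jpg").write_text("old copy")
        old = (1_000_000_000, 1_000_000_000)  # a timestamp from 2001
        os.utime(bak / "photos/beach.jpg", old)  # backup older than original
        os.utime(src / "budget.xlsx", old)       # original older than backup
        return backup_gaps(src, bak)


if __name__ == "__main__":
    for rel, reason in sorted(demo().items()):
        print(f"{reason:8} {rel}")
```

Run `backup_gaps` on your own folders while the backup disk is plugged in, then disconnect the disk again.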
These rules do not only apply to WannaCry but must be applied on a daily basis. An operating system and the accompanying software are not infallible and may contain security holes. Updates exist to close these gaps and correct potential problems.
A Windows computer is no more vulnerable than a Mac or a Linux machine. However, given its large market share, it is more profitable for a hacker to attack the Microsoft system in order to reach as many people as possible.
An up-to-date operating system + an up-to-date antivirus + no cracked software + regular backups = no risk of having your computing paralyzed.