A computer virus infection prompted a hospital’s use of electronic web-based services to display this message
Techtitanic has decided to step in with articles on ransomware. Please do read this article if you are new to this virus. The virus is seriously dangerous as it affects personal computers, not just organizations.
IS THIS VIRUS NEW?
Hackers stole the ransomware virus from the NSA to attack the public.
No. This is nothing new. Ransomware is about 5 years old, having first emerged in Russia in 2013. It was very popular in Russia but has now spread all over the world, affecting countless firms and home networks whose users share files, install programs without verifying them, or click on email links that may result in ransomware.
So, WHAT is RANSOMWARE and how does it harm you?
This is the message that will display if you are infected.
Ransomware, also known by the names WannaCry, WanaCrypt0r or Wcrypt, is malicious software that blocks access to data or threatens to publish or delete it until a ransom is paid.
There are 2 types of ransomware:
Encrypting ransomware and non-encrypting ransomware.
Encrypting ransomware is the one that is currently being highlighted. This is a virus that encrypts the files, programs, etc. on your system and demands a ransom to decrypt them. Because the encryption is so complicated, it is impossible to break. In fact, it might take a PC thousands of years to break it.
Therefore, the only way to get the files back is to pay the ransom and get the unlock key.
Non-encrypting ransomware: this malware does not encrypt your files. Instead, it blocks access to them and shows irritating messages when you try to access them. Non-encrypting ransomware is less harmful. Users can get rid of it by making a backup of important files and installing the operating system again.
ABOUT RANSOMWARE: Which computers were affected by the virus?
About Ransomware: All versions of the Windows system were affected.
Only Windows operating systems were affected, due to a vulnerability in SMBv1 (Server Message Block Version 1).
According to Kaspersky Lab, 98 percent of the computers affected by the ransomware were running on some version of Windows 7.
Here’s a list of computers that need to be updated to close the vulnerabilities in SMBv1 and SMBv2:
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 SP2 and R2 SP1
Microsoft Windows 7
Microsoft Windows 10
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows XP
Microsoft Windows Server 2003.
How does RANSOMWARE infect your PC?
Ransomware can be installed when you click on a link that installs it.
The ransomware uses a publicly disclosed exploit in SMBv1 (Server Message Block Version 1). SMB is an application-level protocol used for sharing files and printers in a networked environment.
For this very reason, people who depended on a LAN or other network systems were affected the most, especially those who did not apply updates or use anti-virus software.
Once one user opens the virus, the whole system will eventually be locked.
Ransomware took advantage of the vulnerability in “Server Message Block” (SMB) in Windows systems to affect networks such as LANs.
Once a single computer in the network gets infected, when someone activates the ransomware manually by clicking on a malicious link, the WannaCry ransomware will get into the host’s network and infect all computers connected to that network.
The WannaCry file can reach you through downloads from unknown and unsafe online resources. WannaCry can even enter your PC if you click on email links or attachments that are unknown to you or are spam. Once you download it, it will spread all over the network you are connected to. It spreads over TCP to other computers on the Internet and to computers connected to the same network.
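A defender can spot the network spread described above in connection logs: a single host suddenly opens SMB connections to many different machines. The detection sketch below is an added example, not part of the original article; the log format, addresses, time window and threshold are constructed assumptions, and TCP port 445 is the standard SMB port.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445  # standard TCP port for SMB

# Constructed sample flow log (assumed format): timestamp src dst dst_port
SAMPLE_LOG = """\
2024-01-01T09:00:00 10.0.0.5 10.0.0.2 445
2024-01-01T09:00:30 10.0.0.5 10.0.0.2 445
2024-01-01T09:01:00 10.0.0.23 10.0.0.1 445
2024-01-01T09:01:01 10.0.0.23 10.0.0.2 445
2024-01-01T09:01:02 10.0.0.23 10.0.0.3 445
2024-01-01T09:01:03 10.0.0.23 10.0.0.4 445
2024-01-01T09:01:04 10.0.0.23 10.0.0.5 445
2024-01-01T09:01:05 10.0.0.23 10.0.0.6 445
2024-01-01T09:02:00 10.0.0.7 10.0.0.2 445
2024-01-01T09:03:00 10.0.0.23 203.0.113.10 443
2024-01-01T09:12:00 10.0.0.7 10.0.0.3 445
2024-01-01T09:22:00 10.0.0.7 10.0.0.4 445
"""

def smb_fanout(lines, window=timedelta(seconds=60), threshold=5):
    """Map each source IP to the largest number of distinct SMB destinations
    it contacted inside any `window`, keeping only sources >= `threshold`."""
    events = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip blank or malformed lines
        ts, src, dst, port = fields
        if int(port) == SMB_PORT:
            events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in evs[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, count in smb_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"{src} contacted {count} hosts on TCP/{SMB_PORT} within 60s")
```

A workstation that normally talks to one file server stays below the threshold, while the host fanning out across the subnet is reported.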
File extensions infected by WannaCry
WannaCry scans your whole computer for files with any of the following file name extensions:
.dch, .ots, .vbs, .der, .ott, .vcd, .dif, .p12, .vdi, .dip, .PAQ, .vmdk, .djvu, .pas, .vmx, .docb, .pdf, .vob, .docm, .pem, .vsd, .docx, .pfx, .vsdx, .dot, .php, .wav, .dotm, .pl, .wb2, .dotx, .png, .wk1, .dwg, .pot, .wks, .edb, .potm, .wma, .eml, .potx, .wmv, .fla, .ppam, .xlc, .flv, .pps, .xlm, .frm, .ppsm, .xls, .gif, .ppsx, .xlsb, .gpg, .ppt, .xlsm, .gz, .pptm, .xlsx, .h, .pptx, .xlt, .hwp, .ps1, .xltm, .ibd, .psd, .xltx, .iso, .pst, .xlw, .jar, .rar, .zip, .java, .raw, .jpeg, .rb, .602, .jpg, .rtf, .doc, .js, .sch, .3dm, .jsp, .sh, .3ds, .key, .sldm, .3g2, .lay, .sldm, .3gp, .backup, .mp3, .suo, .bak, .mp4, .svg, .bat, .mpeg, .swf, .bmp, .mpg, .sxc, .brd, .msg, .sxd, .bz2, .123, .lay6, .sldx, .7z, .ldf, .slk, .accdb, .m3u, .sln, .aes, .m4u, .snt, .ai, .max, .sql, .ARC, .mdb, .sqlite3, .asc, .mdf, .sqlitedb, .asf, .mid, .stc, .asm, .mkv, .std, .asp, .mml, .sti, .avi, .mov, .stw, .myd, .sxi, .c, .myi, .sxm, .cgm, .nef, .sxw, .class, .odb, .tar, .cmd, .odg, .tbk, .cpp, .odp, .tgz, .crt, .ods, .tif, .cs, .odt, .tiff, .csr, .onetoc2, .txt, .csv, .ost, .uop, .db, .otg, .uot, .dbf, .otp, .vb
IF YOUR FILES ARE INFECTED WITH THE VIRUS, YOU WILL SEE THAT FILES WITH THE ABOVE-MENTIONED EXTENSIONS HAVE THEIR NAMES CHANGED TO END IN “.WNCRY”.
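The “.WNCRY” marker makes a quick triage check possible on a file share or backup. The scanner below is an added example, not part of the original article; it assumes the marker is appended after the original extension (for example report.docx.WNCRY), uses only a subset of the extension list above, and runs against a constructed sample tree of empty files.

```python
import os
from collections import Counter

MARKER = ".wncry"  # suffix named in the article, matched case-insensitively
# Subset of the targeted extensions listed in the article
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf",
            ".jpg", ".png", ".zip", ".sql", ".txt"}

def find_encrypted(root):
    """Walk `root`; return (path, original_extension) for every file whose
    name ends in .WNCRY. Assumes the marker was appended to the old name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER):
                original = name[: -len(MARKER)]
                ext = os.path.splitext(original)[1].lower()
                hits.append((os.path.join(dirpath, name), ext))
    return hits

def summarize(hits):
    """Count hits per original extension; 'targeted' counts those whose
    original extension is on the article's list."""
    by_ext = Counter(ext for _, ext in hits)
    return {
        "total": len(hits),
        "targeted": sum(n for e, n in by_ext.items() if e in TARGETED),
        "by_extension": dict(by_ext),
    }

def build_sample_tree(root):
    """Create a constructed sample tree of empty files for demonstration."""
    names = ["report.docx.WNCRY", "budget.xlsx.wncry", "photo.jpg.WNCRY",
             "notes.txt", "docs/plan.pdf.WNCRY", "docs/readme.md",
             "misc/data.xyz.WNCRY"]
    for rel in names:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(find_encrypted(tmp)))
```

Running it against a backup before restoring shows whether the backup itself already contains renamed files.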
If you do not share files using your Windows operating system, then you are safe. But it is still better to take steps by upgrading the system and installing updates. In addition, do not click on links you are unsure of and do not download files you are unsure of.
If you do pay the hackers then please remember there is still no guarantee that your system will be unlocked.
We will post more articles on ransomware, so do stay aboard the Techtitanic. Our next article will be on protecting Windows systems from ransomware.