A massive ransomware attack shut down work in many countries last week and Nigeria was not exempted. The attack began freezing systems and encrypting files with a demand for $300 in bitcoin, a classic ransomware tactic.
For those who know nothing about encryption and ransomware, let’s explain these to you first.
What’s a ransomware?
Ransomware is a type of malware designed to block access to a computer system or encrypt computer data files. When the ransom is paid, access to the computer is granted again or the encrypted files are decrypted.
Wait, what do “encrypt” and “decrypt” mean?
“Encrypt” means to translate data into something different using rules. For a very simple example, if I encrypt the word “hello” with these rules:
- “e” becomes “€”
- “o” becomes “:]”
- “l” becomes “\*/”
The encrypted form of “hello” would be “h€\*/\*/:]”. Real ransomware encrypts files in a way that is far harder to undo than that. “Decrypt” is just the reverse of “encrypt”: if I decrypt “h€\*/\*/:]” using the rules given, I get “hello” back again.
However, when a ransomware attacks, it encrypts your data in the computer and does not show you the encryption rule, making it difficult to decrypt the files yourself.
So, here’s what happened on May 12, 2017
A ransomware attack named WannaCry, a kind of malware tool also known as WannaCrypt, WannaCryptor 2.0, or WannaDecryptor 2.0, started infecting systems and encrypting data on computers. According to , nearly 74 countries in the world and more than 60,000 computers were attacked and infected by the largest ransomware cyber-attack launched on May 12, 2017. Not so long after early Friday, about 100 countries had been targeted.
At first, it came in the form of an email attachment that victims were tricked into opening (this is known as phishing). Then, by scanning random IP addresses on the Internet, it began to spread, infecting new random computers via TCP port 445, just like how the Sasser worm infected computers on April 12, 2004.
It is still a mystery who was behind this, but the “Shadow Brokers” hacker group is suspected, since they released an exploit tool called EternalBlue, which is the heart of the WannaCry ransomware.
How to prevent situations like this
- Disable the Windows SMB feature, which is enabled by default. Go to Control Panel > Programs > Programs and Features > Turn Windows features on or off, and turn off SMB V1.0/CIFS file sharing support.
- Install released by Microsoft on 14th March 2017.
- Do not click on suspicious links from emails, Google Docs or anywhere on the internet. Update your system even if you use an unsupported operating system like Windows XP, 7.
- Keep your Antivirus updated and use firewalls.
- Take regular backups of all sensitive and critical data.
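If you prefer the command line to the Control Panel route in the first tip, here is one way to check and switch off SMBv1 from an elevated PowerShell prompt on Windows 8.1 or Windows 10. This is an added example, not part of the original article; the function names `Get-Smb1Exposure` and `Disable-Smb1` are made up for illustration, while the cmdlets they call are standard Windows ones.

```powershell
# Added example: audit and disable SMBv1 (run as Administrator).
# Get-Smb1Exposure and Disable-Smb1 are hypothetical helper names.

function Get-Smb1Exposure {
    # Same switch as "Turn Windows features on or off" in Control Panel.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    # Whether the file-sharing server still accepts SMBv1 sessions.
    $server  = Get-SmbServerConfiguration
    # Whether this machine is listening on TCP 445, the port the worm spread through.
    $listen  = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1FeatureState  = $feature.State
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Port445Listening  = [bool]$listen
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1')) {
        # Stop serving SMBv1 right away, then remove the Windows feature.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
            Out-Null
    }
}

$status = Get-Smb1Exposure
$status | Format-List

if ($status.Smb1FeatureState -eq 'Enabled' -or $status.Smb1ServerEnabled) {
    # -WhatIf only prints what would change; remove it to apply the change.
    Disable-Smb1 -WhatIf
}
```

Removing the feature only takes full effect after a restart. Turning off SMBv1 does not replace installing Microsoft's update, so do both.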
Were you affected by the WannaCry attack? Tell us about it in the comments!