WannaCry Ransomware: It’s Not Over, Better Get Prepared for Next Wave of Attacks


If you are following the news, by now you might be aware that a security researcher has activated a "Kill Switch" to stop

WannaCry ransomware

from spreading further, which has already infected over 170,000 computers across 99 countries worldwide only in past two days.

For those unaware, WannaCry is an insanely fast-spreading ransomware malware that leverages a

Windows SMB exploit

to target a computer running on unpatched or unsupported versions of Windows and servers and then spread itself like a worm to infect other vulnerable systems in the internal network.


No, It's Not Over!

In our previous

two articles

, we put together more information about this massive ransomware campaign, also explaining how the researcher, known as

MalwareTech

, accidentally halted the global spread of WannaCry by registering a domain name hidden in the malware.

That domain was responsible for keeping WannaCry propagating and spreading like a worm, but MalwareTech registered the domain in question, and created a sinkhole – tactic researchers use to redirect traffic from the infected machines to a self-controlled system.

If you are thinking that activating the kill switch has completely stopped the infection, then you are mistaken, because as soon as the attackers will realize, or maybe they have already learned by now, that the campaign has been stopped, they'll come back.

So, expect a new wave of ransomware attack, with an updated WannaCry variant, which would be difficult to stop, until and unless all vulnerable systems get patched.

Instead of depending upon mass email spamming, just like an ordinary malware campaign, WannaCry cyber attack leverages SMB exploit to remotely hijack vulnerable computers just by scanning every IP address on the Internet.

Even after WannaCry made headlines all over the Internet and media, there are still hundreds of thousands of unpatched systems easily available open to the Internet.

So, a similar strain of new malware would not take enough time to take over these systems as well as others connected to the same local network.

Demo of WannaCry Ransomware Infection

Meanwhile,

Matthew Hickey

, a security expert and co-founder of Hacker House, has provided The Hacker News two video demonstrations, showing packet traces that confirm the use of Windows SMB vulnerability (MS17-010).

And Second one...

Hickey also warned: Since, the WannaCry is a single executable file, so it can also be spread through other regular exploit vectors, such as spear phishing, drive-by-download attack, and malicious torrent files download.

Get Prepared: Install Security Patches & Disable SMBv1

MalwareTech also warned: "It's very important [for] everyone [to] understand that all they [the attackers] need to do is change some code and start again. Patch your systems now!"

As we notified today, Microsoft took an unusual step to protect its customers with an unsupported version of Windows — including Windows XP, Vista, Windows 8, Server 2003 and 2008 — by releasing security patches that fix SMB flaw currently being exploited by the WannaCry ransomware.

Even after this, I believe, many individuals remain unaware of the new patches and many organizations running on older or unpatched versions of Windows, who are considering to upgrade their operating systems, would take time as well as it’s going to cost them money for getting new licenses.

So, users and organizations are strongly advised to install available Windows patches as soon as possible, and also consider disabling SMBv1 (

follow these steps

), to prevent similar future cyber attacks.

For god sake:

Apply Patches. Microsoft has been very generous to you.

Almost all antivirus vendors have already been added signatures to protect against this latest threat. Make sure you are using a good antivirus, and keep it always up-to-date.

Moreover, you can also follow some

basic security practices

I have listed to protect yourself from such threats.



from The Hacker News http://ift.tt/2rdxE8e