As everyone knows by now, yesterday the most massive ransomware attack of all time that has blocked computers in hospitals, universities, banks and offices spread all over the world in almost every country, including Italy. The ransomware, known as WannaCry or also WannaCry, WanaCrypt0r, WCrypt, WCRY, blocks access to a computer or its files by asking for money to unlock it.
Victims with the infected computer are asked to pay up to $ 300 in Bitcoin to remove the infection from their PCs and unlock access to the files so that they don't disappear forever after 7 days.
The interesting thing about this WannaCry ransomware is that it exploits a Windows exploit (i.e. a vulnerability that was unknown to everyone) called Eternal Blue which was discovered and used by the NSA, until the secret was stolen and Microsoft was able to release the Windows patch in March 2017.
The problem is that many corporate computers and servers have not installed this patch, making Wannacry more lethal than ever.
The WannaCry exploit has the ability to penetrate machines running the unpatched version of Windows XP, Vista, Windows 7, Windows 8 and Windows Server 2008 R2, taking advantage of flaws in the Microsoft Windows Server SMB service .
Once a single computer in the organization is affected by the WannaCry ransomware, the worm searches for other vulnerable computers on the network and infects them, thereby causing a chain spread.
According to the first estimates, over 130, 000 computers were infected in 74 countries, including China (the most affected), the United States, Russia, Germany, Turkey, Italy (at the University of Milan-Bicocca) and even some hospitals in England, some Renault computers in France and 85% of the computers of the Spanish telecommunications company, Telefonica and then also Nissan in the UK and other companies guilty of leaving the PCs out of date.
The spread was stopped, at least temporarily, by an independent security researcher who, by chance, stopped the global spread of WannaCry by registering a domain name hidden in the malware.
In practice, malware ran automatically on a computer only after attempting to connect to a website, which was non-existent.
The researcher stopped the trigger mechanism by registering the domain used by the virus (which has an address with random characters such as www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea. Com ).
This solution, however, is only a temporary patch, does not work on servers that have firewall protection on internet connections and absolutely does not prevent those who designed the attack from making the right changes to continue it on vulnerable machines (or to spread the virus by email).
At the moment, however, there are no variants capable of activating without going through the "killswitch", that is, through connection to the domain and there is no news of infections coming from the internet (Wannacry spreads via corporate networks).
However, nobody can repair computers that are already infected because the locked files are encrypted in an almost impossible way to decrypt.
For those who are curious, an expert security technician has published a demonstration video of how it attacks the Wannacry virus and what happens on the computer when affected by the vulnerability.
More precise technical information can be read on the Github site where there is all the documentation of Wannacry and then on the Kaspesky sites, on that of Malwarebytes, on the Microsoft blog.
Leaving aside the story, the most important thing we need to know is how to protect yourself from WannaCry, which affects only Windows PCs and not other systems.
First of all, therefore, there is nothing to fear, if you are using a Mac or a Linux system and there are no problems for Android or iOS devices either.
If you are using a PC with Windows 10 updated with the installation of the April 2017 Creators Update version, there are no problems.
For Windows 10, Windows 7 and Windows 8.1 systems, Microsoft released, as early as March 2017, a patch to resolve the system vulnerability exploited by Wannacry.
So you just have to make sure that all available updates are installed by going to Control Panel> Windows Update and doing a search for new updates in Windows 7 and 8.1.
In Windows 10, go to Settings> Updates and Security> Windows Update instead.
The patch is included in several updates with abbreviations, for Windows 7, KB4019264, KB4015552, KB4015549, KB4012215, KB4012212 (even just one of them is fine) and for Windows 8.1 KB4019215, KB4015553, KB4015550, KB4012216, KB4012213 (even just one of these).
The patch released by Microsoft can also be downloaded and installed manually by going to the download page of the MS17-010 update or on the download page of the patch code KB4012213
Furthermore, as the problem is particularly serious, Microsoft has released the patch to cover the Wannacry problem also for systems that are no longer supported, namely Windows XP, Windows Server 2003, Windows 8 and Windows Vista .
Who has these systems, download the KB4012598 patch from the Microsoft site and install it.
In the meantime, vaccine programs and tools are also coming out to protect Windows PCs from Wannacry, such as the Trustlook WannaCry Toolkit that scans your computer and immunizes any detected vulnerabilities.
Wanawiki, on the other hand, is the first tool that allows you to decrypt files blocked by the virus .
Finally, it is worthwhile, to avoid any problem, even the future, to disable or remove SMB in Windows, which is not so obsolete in its version 1, the vulnerable version.
READ ALSO: Best Anti-Ransomware against Ransom Virus or Crypto
