What is Wanna Decrypt0r 2.0 and how does it work?
Wanna Decrypt0r also known as WannaCry, Wcrypt, or WCRY is ransomware that encrypts the infected computers files using a unique encryption cipher (password) that is nearly impossible to decrypt or bypass without knowing the unique encryption cipher. This infection will quickly spread to other computers on the same network. Upon infection the infected computer will display this ransom notice shown on the right:
All of the encrypted files are unaccessible and applications will not work as the application files are also encrypted. They will demand payment in the form of bitcoins (an online crypto-currency) in order to decrypt your files. In many but not all cases the files are decrypted once full payment is recieved. The FBI and Cybersecurity professionals advise against paying the ransom as it encourages these attacks. However, if your organization doesn't have current secured backups paying the ransom is often your only course of action to get your files back.
How to prevent this Infection?
This particular ransomware is far more dangerous compared to other types of ransomware as it utilizes a set of exploit kits developed by the National Security Agency (NSA) that were leaked backed in April by a hacker group known as The Shadow Brokers.The main exploit utilized by this ransomware is exploiting a vulnerability found in Microsoft Operating Systems that allows hackers to infect computers without any form of user interaction (Email attatchments, Malicious links, etc). There is good news though! This Vulnerability was patched back in March by microsoft with the MS17-010 update. Ensuring that all of your systems are up-to-date with patching and system updates is one of the most important steps in preventing this infection. The next stage of protection against Wanna Decryptor and other forms of ransomware is using a good Anti-malware and Anti-Virus suite. We recommend Sophos Endpoint Security which has it's own proprietary software designed to detect Ransomware attacks and cut-off the connection before the encryption starts. The last step is less of a prevention and more of a preperation, backups. Having regular scheduled backups that are secured by being stored offsite or not visible on your network is an important part of any organizations IT security. These backups are your savior if a ransomware or other malicious attacks manage to break through the other layers of security.
Click Here to view a live map showing Wanna Decrypt0r 2.0 infections in real-time on a global scale.
For more information about Wana Decrypt0r 2.0 and the tools we use protect against such threats please visit https://community.sophos.com/kb/en-us/126733