WannaCry is a strain of ransomware that emerged in the wild on May 12, 2017, and quickly spread to infect over 200,000 systems in more than 150 countries.
Also known as WannaCrypt, WanaCrypt0r, WCrypt, and WCRY, the WannaCry worm takes advantage of a specific exploit in Microsoft's Server Message Block (SMB) protocol codenamed "EternalBlue" and uses phishing e-mail scam tactics to infect older, unpatched Microsoft Windows systems.
Potential Damage of WannaCry Mitigated by Security Patch and Kill Switch
Microsoft patched the "EternalBlue" SMB security flaw in an update advisory released on March 14th (MS17-010), although it only applied to Windows 10 at the time. WannaCry however was developed to target unpatched Windows 7 and Windows Server 2008 and earlier operating systems.
While these security patches have helped mitigate the potential spread of WannaCry, many Windows systems remain out of date when it comes to recent security patches and as a result continue to be vulnerable to ransomware like WannaCry and other malware.
The potential damage of WannaCry has also been mitigated by the trigger of a "kill switch" found in the WannaCry code. The WannaCry code was designed to attempt to connect to a specific domain and only infect systems and spread further if connecting to the domain proves unsuccessful. Since its emergence in the wild, the domain name in the WannaCry was registered and set up, resulting in limiting the further spread and damage of the initial strain of WannaCry.
How WannaCry Works and Spreads
WannaCry has two main components: a dropper Trojan that seeks to exploit the SMB security vulnerability on older, unpatched Windows systems and the ransomware itself.
Systems infected by WannaCry are used to attempt to infect other unpatched Windows systems on the local network as well as across the Internet.
On infected machines, WannaCry encrypts all the files it finds and renames them with a .WNCRY file name extension. WannaCry then creates a ransom message in each directory and replaces the background wallpaper image with a ransom message demanding users pay $300 in Bitcoin currency in order to have all their files decrypted and restored to normal.
Protecting Against WannaCry and Other Ransomware / Malware Attacks
To protect systems from WannaCry and other forms of ransomware and malware, Microsoft recommends upgrading to Windows 10, which isn't vulnerable to the WannaCry / WannaCrypt variants.
Users are also encouraged to install the SMB security update on older Windows systems and to stay current on all security patches and updates through the Windows Update service.
Additionally, users can specifically disable SMB if desired by following the instruction in this Microsoft Knowledge Base Article or restrict SMB traffic by adding a rule on the network router or software firewall to block incoming SMB traffic on port 445.
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top... Read More »Huge List of Computer Certifications
Have you heard about a computer certification program but can't figure out if it's right for you? Use this handy list to help you decide. Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »