What is WannaCry 2.0 Ransomware?
WannaCry malware also referred to as WannaCrypt, WanaCrypt0r 2.0 or Wanna Decryptor, is a virus that combines a ransomware and a worm.
The WannaCry attack is considered to be the most widespread cyber attack in history. This unprecedented worldwide attack, with malware that encrypts data and demands a ransom of $300 in Bitcoins for the decrypting software, has been successful in infecting over 200,000 machines in 150 countries. The full extent of the infection is not known, yet.
The unprecedented outbreak was stopped from its routing run by a young British computer expert, Marcus Hutchins, who is pretty modest and states that he was just doing his job in stopping botnets. Hutchins, who had not wish to be named earlier, is considered to be a savior and he has in fact saved governments and organizations millions and millions of dollars, and an immeasurable amount of data.
How does it affect systems in a network?
The initial infection could have occurred by phishing or spearphishing attacks that tempt victims to click on links (malicious) or open attachments. Once this malware infects a machine or system it can quickly spread to other connected systems on the network, as well as random unconnected computers – using the EternalBlue exploit and DoublePulsar backdoor malware tools that had been developed by the NSA. EternalBlue is a remote code execution attack that exploits the SMBv1 vulnerability in Windows. Hutchins had discovered the “kill switch” when he was analyzing the malicious code. He became suspicious of a link to an unregistered web address. Based on his experience in blocking bots, he registered the web address and this triggered the kill switch.
A significant reduction in the spread of the infection was observed, but as cyber security experts warned, new variants of the malware were expected. As feared, WannaCry 2.0 ransomware arrived with no kill-switch. But, as it had a corrupted payload, it did not cause damage. It may not take long for improved variations to be released.
The WannaCry exploits vulnerabilities in Windows operating systems. The flaw is a vulnerability in the Windows Server Message Block (SMB) service which is used by Windows computers for sharing files and printers within a network.
The Microsoft Security Response Center has stated: “we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.” Microsoft had earlier (much before the attack) released a patch for Windows 10 systems.
Who Are All Affected
U.K.’s National Health Service (NHS), NHS Scotland, Spain’s Telefonica, FedEx, Deutsche Bahn, LATAM Airlines, Renault, Nissan Motor Manufacturing, Chinese public security bureau, PetroChina, Ministry of Internal Affairs of the Russian Federation, Ministry of Foreign Affairs (Romania), Deutsche Bahn, Lakeridge Health, Russian Railways, Andhra Pradesh Police (India), and many others. The extent of infection is coming in.
How Comodo Advanced Endpoint Protection Prevents WannaCry Infection?
Comodo’s Advanced Endpoint Protection prevents WannaCry ransomware infections through its Containment technology. Comodo’s unique technology creates a completely virtual environment with virtual hard drive, virtual registry, and virtual COM interfaces. The malware will be able to perform all activities that it desires only to duplicate files in the virtual environment. All original files and data on the computer remain safe and intact. Whether it is ransomware or any other form of malware, Comodo’s Containment technology will prevent any type of infection.
Check out this video on how Comodo prevents WannaCry infection.