How to beat WannaCry Ransomware virus, by Signal Alliance
Signal Alliance, a Microsoft enterprise partner in Nigeria has issued a WannaCry ransomware advisory to its clients and key users of Windows applications across the country. This was because of the unprecedented cyber-attacks being experienced by several businesses and public sector organisations locally and globally.
Speaking on the advisory, Kelechi Agu, Technology Lead on Security in Signal Alliance says, “as soon as we became aware of the unprecedented spread of the Ransomware attack which was hitting tens of thousands of businesses, worldwide – including the entire British Health Care sector. We immediately gave our clients a breakdown on what we know about the malware responsible for the encryption attacks, and what they can do to stop it.”
Wannacry is the malware responsible for what is now being regarded as the biggest online extortion attack in history. Technically, it is classified as a worm – a type of malware that is self-replicating and self-propagating.
Malware is any kind software that is specifically made in a variety of forms to disrupt, damage or gain unauthorized access to a computer system or network. It includes ransomware, computer viruses, trojan horses, worms, trojan, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.
Ransomware malware adds a whole new dimension because, it typically depends on the action of the user who clicks an email to propagate it. While WannaCry, being a worm, self-propagates by taking advantage of a vulnerability in Microsoft’s Server Message Block (SMB) protocol, an exploit known as EternalBlue. With Microsoft being the most widely used business platform/Operating System, WannaCry spreads quickly once it has infected a single host in a network.
On March 14th, 2017 Microsoft released a patch update to address the EternalBlue vulnerability exploit. EternalBlue is a hacking weapon developed by the US National Security Agency to gain access and to take control of computers running Microsoft Windows. Companies that are slow to apply these updates have become victims of this widespread ransomware infections. The first step to protecting your business is to make sure your servers, and endpoints are up to date. Older Operating System versions represent major vulnerability points.
According to Agu, the important countermeasures to take are; make sure your endpoint protection solution includes malware recognition and decryption features. If it doesn’t, it is time to invest in one; replicate and back up important business data and services, redundancy is key; and ensure all Operating System patch updates are applied quickly.
Initially, the ransomware was stopped by a kill-switch, discovered by an anti-malware researcher. This kill switch was an unregistered domain the virus was apparently trying to connect to, once inside the network. The researcher bought the domain, which effectively stopped the spread of the virus – temporarily.
Speaking further, Agu says, “Working with Microsoft, Signal Alliance is currently assisting organisations or individuals who are facing the WannaCry or Ransomware challenge or have set up a command centre to resolve the problems professionally.”