Everyone has heard of the ransomware that came out this year called ‘WannaCry.’ I was not a victim of WannaCry. However, I was a victim of the previous ransomware, called Locky, last year. Locky is a virus that encrypts all kinds of documents and asks you to pay a ransom for the decryption key. It has infected computers around the world, mostly through email attachments. The attachments contain an MS macro, and the email is socially engineered to get people to enable that macro. Once the macro is activated, it triggers the Locky file encryptor, which encrypts all documents on the PC, except those in system and program folders, with RSA-2048 and AES-128 file encryption. It’s a virus because it is attached to a file and can replicate through that executable file.
You might wonder how it is different from WannaCry. “WannaCry’s worm-like capacity to infect other computers on the same network with no human intervention appear tailored to Windows 7” (Arifeen, 2017). WannaCry is similar to Locky in that it encrypts the documents on the target computer. However, WannaCry makes use of an SMB remote code execution vulnerability in some older MS Windows operating systems. The significant difference from the Locky virus is that WannaCry can self-replicate across the network through that MS vulnerability.
Many systems are still vulnerable to these types of viruses and worms, especially if they are not properly managed. “A more appropriate response is to immediately and surgically contain the initial infection vector, before propagation can occur, preventing an outbreak in the first place” (Morville, 2006). Once it’s out, it’s out. It is important to prevent an infection where possible and to stop it as soon as an outbreak begins. Proper management, maintenance, security patches, and strict firewall configuration help to avoid these types of attacks.
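One way to screen for the macro-bearing email attachments described above, before a user can open them, is to check the file's container for an embedded VBA project. This is an added example, not part of the original post; the function name, verdict labels and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")  # formats that should never carry VBA


def classify_attachment(filename: str, data: bytes) -> str:
    """Triage one attachment (hypothetical helper).

    Verdicts: 'macro', 'macro-mismatch', 'legacy-ole', 'no-macro', 'not-office'.
    """
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can hold VBA; confirming needs a full OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [m.lower() for m in zf.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in members:
        return "not-office"  # a ZIP archive, but not an OOXML package
    # Macro-enabled OOXML files store their VBA in a vbaProject.bin part.
    if not any(m.endswith("vbaproject.bin") for m in members):
        return "no-macro"
    # A VBA project behind a macro-free extension is a disguised file.
    if filename.lower().endswith(MACRO_FREE_EXTS):
        return "macro-mismatch"
    return "macro"


def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-like package with placeholder bytes, no real macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("invoice.docm", build_sample(True)),
                       ("invoice.docx", build_sample(True)),
                       ("report.docx", build_sample(False))]:
        print(name, "->", classify_attachment(name, blob))
```

A mail gateway or triage script could quarantine anything that is not `no-macro` or `not-office` and route `legacy-ole` files to a deeper scanner.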
Arifeen, M. (2017). GIGANTIC RANSOMWARE CYBERATTACK AND NEW THREATS. Pakistan & Gulf Economist, 36(21), 9-13. Retrieved from https://csuglobal.idm.oclc.org/login?url=https://search-
Morville, P., & Arbel, G. (2006). FACE-OFF: Is anomaly detection the best way to prevent virus and worm attacks? Network World, 23(10), 38. Retrieved from