While the world still continues to recover from the shocking attack of WannaCry virus, the cyber police still continue to look for the people behind this humongous disaster. Events of system compromise seem to be increasing by the day and the recent attack of WannaCry ransomware virus shook the world. A ransomware attack is a malicious software which infects the system and blocks the access of the victim to the data. They are threatened for ransom which if not paid the data is deleted or corrupted. Needless to say, you need to keep your system secure and here are some points which will help you prevent WannaCry ransomware virus attacks.
Before proceeding with the security let us get an understanding of what was WannaCry virus.
Also known as the WCRY or the WannaDecryptor is an encryption based ransomware which uses RSA and AES encryption ciphers to encrypt the files of its victims. In the havoc that happened recently, the victims were sent ransom noted which read “!Please Read Me!.txt files” which was a way to connect to the hackers. They demanded bitcoins in return for not harming their data. The original files of the victims were deleted but not before creating encrypted files. This would open only with a decryption key. The hackers threatened to increase the amount of ransom if it was not paid in the specified time.
The most affected were United Kingdom, Russia, Japan, and China. Britain’s National Health System suffered the most as there were many operations which were canceled or postponed, doctor appointments could not happen and treatment was delayed because the patient’s data was lost. Interior Ministry of Russia, Russian Railways, and some banks were also hit with the WannaCry virus. There are many companies that paid the ransom but many did not.
Who were the main targets of WannaCry Virus?
Hackers know who to ask ransom for. Companies and businesses who can’t afford to lose data such as airlines, banks, hospitals and government offices. This doesn’t mean the others are spared. Data is important for everyone and the hackers try their luck on anyone who falls for their trap. Even the individual users are at risk. The only way is to protect their system and don’t allow any type of emails in their inbox, if you do get one don’t open the attachment.
However, in order to prevent WannaCry ransomware attacks your system here is what you could do:
Step 1. Always backup, always backup, always backup! keep chanting this. Make it a compulsory habit and a part of your daily routine. Every file of your system should be backed up. The program that you are working on should be backed up. Store one copy in physical media and one in the cloud. If you are confident that you have all your files safe you don’t have to bend down on any ransomware attacks because you know your data is safe. Also, keep a check on the integrity of your backup some time.
Step 2. Stay away from any type of suspicious attachments. Please don’t open any email attachments sent by people who you don’t know. This goes not only unfamiliar people but even familiar ones like banks, delivery service notifications, law agencies etc.
Step 3. If you really want to prevent WannaCry ransomware then change the settings of anti-spam of your email instantly. The ransomware virus seems to be spreading through flashy emails that have contagious attachments. You should have your webmail server configured to block doubtful attachments. Use extensions like .vbs, .exe and .scr.
Step 4. There is a ‘Show File Extension’ feature in Windows which prevents such ransom viruses. This feature tells you which files are being opened. There is another technique which the hackers could use and misguide you where one file is assigned for more than one extension. Take for example, an executable would look like an image file and have a .gif extension but some files could have two extensions – e.g., pretty-cat.avi.exe or table.xlsx.scr. You need to beware of such dubious extensions.
Step 5. There is a functionality built in the Windows known as ‘vssaexe’. This function is meant to oversee Volume Shadow Copy Service which is a tool that is helpful in restoring earlier versions of arbitrary files. However, with such ransomware viruses, the vssadmin.exe seems to be an unfavorable service. If this functionality is disabled on the computer when the system is being compromised then the ransomware will fail to use it for destroying the shadow volume snapshots. This means you can use VSS to restore the purposely encrypted files later on.
Step 6. Firewall’s are there for a reason, always keep them configured and turned on. They detect and ultimately prevent WannaCry ransomware attacks on your system.
Step 7. AutoPlay should always be deactivated. This way any harmful viruses will not launch automatically from external media like USB memory sticks.
Step 8. Any wireless connections when not in use should always be turned off. Infrared ports and Bluetooth have been compromised many times and the viruses have taken over the system.
Step 9. The Onion Router or the TOR are the main gateways for ransomware threats so if you want to prevent WannaCry ransomware then block the IP addresses. They communicate with their C&C servers and infect the system.
Step 10. If your security software offers the feature to scan archived or compressed files turn it on.
Step 11. Ensure that the file sharing in your system is disabled this way if your system is compromised then the virus will not spread.
Step 12. Keep your passwords strong. Easy passwords are an open invitation for attackers. They will take over your system and steal your data and personal information. There are many tools which generate strong passwords for you use them and be safe.
Ransomware viruses can put a stop to businesses just as it did in the hospitals. Always be on your guard and train your employees on cyber security. Individuals can browse the internet and learn tricks to keep their system safe.