What Is Wannacry? What Does WannaCry Ransomware Do?
- Author: Delia Davidson May 21, 2017,
May 21, 2017, 13:18
But computers and networks that didn't update their systems remained at risk.
WannaCry uses an exploit known as EternalBlue-developed by the US National Security Agency (NSA) and leaked online a year ago by a group calling itself the Shadow Brokers.
Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations don't install security upgrades because they're anxious about triggering bugs, or they can't afford the downtime.
What versions of Windows are affected?
The attack largely infected networks that used out-of-date software, such as Windows XP, which Microsoft no longer offers technical support for. Check that intrusion detection systems are operating and examining traffic.
Microsoft ended up distributing the free patch for the older versions on Friday - the day the ransomware was detected.
Firstly, we would like to mention the Windows versions that are by far and large under the assault of WannaCry.
Greece: More protests, strikes ahead of major austerity vote
On Wednesday, at least 18,000 people demonstrated in Athens and Thessaloniki in union-sponsored protests against the bill. Police fired tear gas in return, but in a statement, confirmed there were no arrests and no injuries.
"What really makes the magnitude of this attack so much greater than any other is that the intent has changed from information stealing to business disruption", said Samil Neino, 32, chief executive of Los Angeles-based Kryptos Logic.
Some ransomware does also sometimes targets backup files, though.
Guinet, a security researcher at Paris-based Quarks Lab, published the theoretical technique for decrypting WannaCry files late Wednesday and Thursday, which Delpy, also in Paris, figured out how to turn into a practical tool to salvage files.
Efforts by IT security researchers to get to the bottom of the recent ransomware attack have been hampered by an inability to find early traces of the so-called WannaCry strain, according to research commissioned by Reuters and conducted by security ratings firm BitSight.
These factors help explain the mystery of why such a tiny number of victims appear to have paid ransoms into the three bitcoin accounts to which WannaCry directs victims. Do this even if you use another embedded OS, such as Linux or other Unix variants, as it's safe to assume that all complex software is vulnerable to malware.
WannaCry landed nine weeks after Microsoft's patch arrived. But there are a few things that businesses can do to limit the damage it causes. "That's what the data shows", MWR research head Pratley said.