WannaCry is ransomware that has infected and encrypted data in over 100 countries, including Viet Nam. WannaCry attacks and spreads using a vulnerability in the Windows SMB file-sharing service (MS17-010) that was publicly released by the hacker group The Shadow Brokers. Currently, the ransom to decrypt files is from $300 to $600 in bitcoins.

Microsoft issued a patch named MS17-010 to remove this vulnerability on 14 March 2017, before the NSA exploit tools (EternalBlue / DoublePulsar) were released by the hacker group The Shadow Brokers; however, many organizations and end users had not yet applied it. By the time the NSA tools had spread, many experts forecast that there would be a ransomware pandemic.

Many tools on the Internet claim to “block and detect WannaCry”; however, these solutions are often ineffective or intended to promote a name, creating a panic effect. The latest update of Microsoft's Windows Defender can completely prevent WannaCry without any other tools being installed. In this article, we show how WannaCry attacks and infects, and how to prevent it.

Update: WannaCry is reportedly the work of, or related to, a hacker team from North Korea (link).

  1. MS17-010
    This vulnerability is in SMB, a file-sharing service. It was made public by The Shadow Brokers and allows an attacker to execute arbitrary code remotely on a user’s computer.
    This vulnerability is considered extremely serious because SMB is a file-sharing service that starts with the system on many versions of the Windows operating system:
    - Personal users: Windows XP, 7, 8, 8.1, 10
    - Server: Windows Server 2003, 2008, 2012, 2016
    Affected versions:
    - For unsupported operating systems (Windows XP, Windows 8, Windows Server 2003), patches can be downloaded and updated here
    - The remaining operating systems are supported and can be updated through Windows Update or by installing the patch here
    NOTE: The MS17-010 vulnerability can be exploited directly from the Internet when the targets are servers running Windows Server; for personal computers, MS17-010 can only be exploited from the internal network.
  2. How WannaCry infects
    WannaCry infects servers running the Windows Server operating system directly, using the MS17-010 vulnerability or other vulnerabilities if the system has not been fully patched.
    + Phishing
    + Phishing that incorporates exploit code for PDF, DOC, DOCX, … or HTA files.
    After successful installation on the user’s computer, WannaCry continues to infect computers on the internal network via the MS17-010 vulnerability.
  3. How to protect against WannaCry
    - Update and patch MS17-010 as per Section 1 above
    - Temporarily disable the SMB feature on Windows if you do not really need it. In Run, type "Turn Windows features on or off" and uncheck SMB.
    - Back up important data to several places, or use file-sharing services: Dropbox, Google Drive, OneDrive, …
    - In particular, users should not download, install or use cracked software, or open document files of unclear origin attached to email. To be safe, users should open these documents on the Google Drive service before saving and opening them on their PC.
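
The SMB step in Section 3 can also be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it assumes the "SMB" entry in the Windows Features dialog is SMB 1.0/CIFS (SMBv1), and the `-Remediate` switch and `Get-Smb1State` function are names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 on the local machine and, with -Remediate, disable it.
# Needs PowerShell 4.0 or later. -Remediate and Get-Smb1State are example names.
param([switch]$Remediate)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {
    # "SMB 1.0/CIFS File Sharing Support" in the Windows Features dialog.
    $feature = $null
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    }
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the server-side setting directly.
        $server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: the SMBv1 server is on unless the SMB1 value is 0.
        $value  = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $server = ($null -eq $value) -or ($value -ne 0)
    }
    New-Object PSObject -Property @{
        Computer        = $env:COMPUTERNAME
        OptionalFeature = if ($feature) { [string]$feature.State } else { 'NotAvailable' }
        ServerSmb1      = [bool]$server
    }
}

$before = Get-Smb1State
if ($Remediate) {
    if ($before.OptionalFeature -eq 'Enabled') {
        # Same effect as unchecking the box in the Windows Features dialog.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    if ($before.ServerSmb1) {
        if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
        }
    }
    Write-Warning 'Restart the computer to finish disabling SMBv1.'
    Get-Smb1State   # state after the change (the feature may show DisablePending)
} else {
    $before         # audit only: report the current state without changing it
}
```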
