Ransomware is a kind of malicious software that, as its name implies, takes a computer hostage and holds it for ransom. In this case, the attackers are asking for at least $300 in bitcoins for each computer affected by the attack.
With ransomware attacks, the malware locks down a target machine, encrypting its data and preventing the owner from accessing it until he or she agrees to pay up.
WannaCry is ransomware targeting Microsoft’s Windows operating systems: the attackers take control of a computer and lock its data until the victim makes a payment. This large-scale cyber-attack was launched on Friday, and researchers observed 57,000 infections. The hackers demanded payments of $300 to $600 (roughly Rs. 19,000 and Rs. 38,000) in Bitcoin.
How Many People are Affected by WannaCry?
Primary countries affected by WannaCry Ransomware attack:
- United Kingdom
- The United States of America
Businesses affected worldwide
- National Health Service hospitals and facilities around England
- The natural gas company Gas Natural and the electrical company Iberdrola
- Japanese electronics maker Hitachi, a prominent Korean theatre chain and the Chinese government said their systems had been affected.
- Chinese state media reported that 40,000 businesses and institutions have been hit, according to NPR, including universities, gas stations and city services.
Effects in India
Ransomware incidents were reported from Kerala, Kolkata and Andhra Pradesh. However, no corporate office or institution came forward, fearing that their brand image would take a hit if news of their computers being infected went public. The real impact of the cyber-attack in India can only be assessed later this week.
Are victims paying the ransom?
Some are. The news site Quartz has set up a Twitter bot to track the bitcoin wallets linked to the attack, which are growing fatter by the minute.
The actual ransom total, as tweeted: The three bitcoin wallets tied to #WannaCry ransomware have received 194 payments totalling 31.38971127 BTC ($53,453.58 USD).
Solutions and Preventive Measures
- Microsoft Patch Update
Microsoft had released a critical patch for this vulnerability in March 2017, covered in Microsoft Security Bulletin MS17-010.
Apparently, several organisations have neglected to update their systems regularly! If your systems were not updated in the last 3 months, it’s time now. 🙂
- AV Signature Updates
All leading AV vendors already have signatures defined to identify this malware. It is important that your antivirus is in auto-update mode and has the latest signature updates installed.
Challenges with Windows Updates and Antivirus Updates in a Corporate Network
- No proper visibility into which devices have been updated
- Manual intervention required
- Restricted user access that prevents users from installing updates
- Issues with the EPO and centralized server
Prevention and Mitigation using Aruba ClearPass with OnGuard
ClearPass OnGuard performs vital endpoint health checks and posture assessments automatically to ensure that all laptops are fully compliant with industry and internal requirements before they connect to wired and wireless networks.
You can automatically remediate or quarantine endpoints that are not in compliance with corporate posture policies. Using the administrator dashboard, it’s easy to keep an eye out for non-compliant devices, users, and the reasons for non-compliance.
Persistent agents allow for automated remediation for IT-issued devices while BYOD and guests can use a dissolvable agent that’s automatically uninstalled once the device is cleared.
Auto-remediation applies missing Windows updates and antivirus updates automatically, which pre-emptively prevents ransomware in the network.
ClearPass OnGuard supports a wide range of mobile device operating systems, including Windows, Mac OS X, and popular Linux versions.
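The check-then-act flow described in this section, as an added Python example that is neither Aruba’s code nor from the original post: a hypothetical posture policy (placeholder KB id for MS17-010, constructed thresholds and endpoint records) lists each endpoint’s reasons for non-compliance and decides whether to allow it, auto-remediate it (IT-issued device with the persistent agent) or quarantine it (BYOD/guest with the dissolvable agent).

```python
# Added example, not Aruba's code: posture check + admission policy. All values constructed.
from dataclasses import dataclass
from datetime import date

REQUIRED_HOTFIX = "KB-MS17-010-PLACEHOLDER"  # real KB number differs per Windows release
MAX_UPDATE_AGE_DAYS = 30   # hypothetical policy: Windows Update must have run within 30 days
MAX_SIG_AGE_DAYS = 3       # hypothetical policy: AV signatures must be at most 3 days old

@dataclass
class Endpoint:
    name: str
    managed: bool          # True = IT-issued, persistent agent; False = BYOD/guest, dissolvable agent
    hotfixes: set
    last_update: date
    av_enabled: bool
    av_sig_date: date

def posture_reasons(ep, today):
    """List why an endpoint is non-compliant; an empty list means it is healthy."""
    reasons = []
    if REQUIRED_HOTFIX not in ep.hotfixes:
        reasons.append("MS17-010 hotfix missing")
    if (today - ep.last_update).days > MAX_UPDATE_AGE_DAYS:
        reasons.append("Windows Update older than %d days" % MAX_UPDATE_AGE_DAYS)
    if not ep.av_enabled:
        reasons.append("antivirus disabled")
    elif (today - ep.av_sig_date).days > MAX_SIG_AGE_DAYS:
        reasons.append("AV signatures older than %d days" % MAX_SIG_AGE_DAYS)
    return reasons

def admission_decision(ep, today):
    """Healthy -> allow; managed -> fix in place; unmanaged -> hold off the network."""
    reasons = posture_reasons(ep, today)
    if not reasons:
        return "allow", reasons
    return ("remediate" if ep.managed else "quarantine"), reasons

TODAY = date(2017, 5, 15)  # constructed sample fleet below, not real inventory data
FLEET = [
    Endpoint("lt-finance-01", True, {REQUIRED_HOTFIX}, date(2017, 5, 10), True, date(2017, 5, 14)),
    Endpoint("lt-ops-07", True, set(), date(2017, 2, 1), True, date(2017, 5, 14)),
    Endpoint("guest-phone", False, set(), date(2017, 1, 20), False, date(2017, 1, 20)),
]

def dashboard(fleet=FLEET, today=TODAY):
    """Admin view: device -> (action, reasons), so non-compliance and its cause are visible."""
    return {ep.name: admission_decision(ep, today) for ep in fleet}

if __name__ == "__main__":
    for name, (action, why) in dashboard().items():
        print(name, action, "; ".join(why) or "healthy")
```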