Dinesh Yadav, Centre for Cyber Crime Investigation, Noida told Indian Express, “WannaCry encrypts core system files and the operating system stops functioning. When you click on anything, a pop-up window opens where the attacker asks for more ransom to decrypt files.”
As the global ransomware attack continues, the Uttar Pradesh police, on May 16, issued a set of measures asking organisations to comply with them in order to protect themselves from the ongoing cyber attack. An Indian Express report says UP police has informed that ‘WanaCrypt / WannaCry ransomware’ can propagate itself once it discovers a vulnerability in the Windows System. Speaking about the same, Dinesh Yadav, Centre for Cyber Crime Investigation, Noida told Indian Express, “WannaCry encrypts core system files and the operating system stops functioning. When you click on anything, a pop-up window opens where the attacker asks for more ransom to decrypt files.”
“This is possibly the biggest virus attack. It knows how to exploit vulnerabilities in Windows XP, Windows Vista, Windows 7, Window Server 2008 and earlier versions,” he added further.
As per the UP police directive, if it attacks your systems, your immediate efforts should be towards preventing further spread of the malware within your environment followed by hunting for any dominant infection and sanitising your network. Here are the steps that need to be taken in case of an attack:
1. Patch all Microsoft systems with MS17-010
2. Ensure Antivirus updates on all systems
3. Strengthen the email filtering and spam gateway
4. Set-up a local sinkhole to activate kill switch within the organisation
5. Implement additional firewall rules, web gateway rules and detection mechanisms.
You can also watch
The report further quoted the UP police saying that WannaCry may enter your organisation as a phishing email with malicious attachment or URL. The malware may also infect any inadequately protected server, it added. The police have also asked people not to ‘pay a ransomware ransom’ as doing so will fuel the ransomware economy.
The WannaCry ransomware spread quickly across the globe within hours of being discovered. As per a NDTV report, WannaCry was stopped in its tracks by a British researcher, but it did infect nearly 2 lakh computers worldwide.