WanaCry Ransomware

The US National Security Agency, hacking weapons to command computers, espionage bent on bitcoins … you wouldn’t be blamed for thinking that you were reading a Sci-Fi script. However, far from Sci-Fi and nearer to WiFi is the reality of ransomware.

What is it?
Ransomware works by blocking access to your files unless a ransom – anywhere from hundreds to thousands of dollars – is paid.

How do you get ransomware?
It all starts with a click … most often people get infected through an attachment or link in a phishing email or social media message. Other infection routes include hacked websites, malicious popups and file sharing.

The Outcry over WanaCry

The latest and by far most devastating ransomware to date is “WanaCry”. WanaCry is delivered through a loaded hyperlink in an email, advert on a website or file share (Dropbox or similar.)

WanaCry was created as a worm, allowing it to spread virally across vulnerable machines. It takes just one infected PC to potentially bring down an entire network.

The intrusive ransomware ravaged hospitals, rail networks, banks and many other companies around the world in a matter of hours.
The fast acting worm locks down data demanding $300 for the decryption of each machine. Victims have a 6 hour payment window after which the ransom doubles, leaving them with 3 days to either pay up or face the deletion of their data.

Wanna know if you're vulnerable?

If you are using Windows 8 or Windows XP the answer is yes, you’re vulnerable! Microsoft have however released an emergency patch for these out-of-support platforms.

Microsoft released a fix for this exploit in March 2017 (MS17-010). If you haven’t applied the patch yet you are vulnerable. New variants of the worm may use other vulnerabilites, so keeping security and all software up to date is crucial.


Wanna detect Wana? Here's how:
Files disappearing or renaming themselves spontaneously.
Files that say @Please_Read_Me@.txt on your file shares.

Any files with extensions:

  • .wnry
  • .wcry
  • .wncry
  • .wncryt

Prevention is better than cure - don't cry over WanaCry...

  • Help keep security and all other software up to date.
  • Most anti-virus vendors have now added signatures for WanaCry.
  • Backup your data to ensure in the event of a ransomware attack you are not held hostage.
  • Think before you click! Don’t trust links or attachments you haven’t expected – even from people you know.

See anything suspicious?
Disconnect from the network immediately and contact your IT security team. Don’t give in to the demands of the criminals, as there are no guarantees.