On Friday 12 May, hundreds of thousands of computers worldwide have been infected with a virus WannaCry. This malicious program through which attackers encrypt the necessary user files and demand ransom in exchange for unlocking the data.It is noted that it is also the largest attack in the history of the attack with ransom ware: hacking tricks already affected about a hundred thousand machines in 74 countries worldwide, according to Russian “Kaspersky Lab”. However,about 95 percent of the attacks were focused against CIS countries.
Patching the problem EternalBlue, Microsoft introduced the Bulletin MS17-010, dated 14 March 2017, so the first and foremost measure to protect from WannaCry would be to install this security update for Windows. However, update is considered on those versions of Windows, support for which has not yet ceased. But for legacy OS such as WindowsXP, Windows 8, and Windows server 2003, Microsoft also released patches.
It is also recommended to be vigilant in relation to the newsletters that come by e-mail and other channels, to use updated antivirus in monitor mode, to check the system for threats. In case of detection and elimination of activity MEM:Trojan.X64.EquationDrug.gene to restart the system and then verify that MS17-010 is installed.
It is now allowed to forget about regular backup of important data. However, note that the target ofWannaCry are the following categories of files:
the most common office documents (.ppt, .doc, .docx, .xlsx, .sxi).
some of the less popular types of documents (.sxw .files odt, .hwp).
archives and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)
email files (.eml, .msg, .ost, .pst, .edb).
database(.sql, .accdb, .mdb, .dbf, .odb, .myd).
project files and source codes (.php, .java, .cpp, .pas, .asm).
encryption keys and certificates (.key .pfx .pem .p12 .csr .gpg .aes).
graphic formats (.vsd .odg, .raw .nef .svg .psd).
virtual machine files (.vmx .vmdk .vdi).
If you are unable to avoid the infection, it is prohibited to pay the cyber criminals.
First, even in the case of transfer of money to specified Bitcoin wallet, there is no guarantee of the decryption of files.
Second, we cannot be sure that the attack on the same computer will not be repeated, and while the cybercriminals will not require a large amount of ransom.
And finally, third, the payment “services” of unlock will be encouragement for those who are engaged in criminal activities in the Network and will serve them an incentive to conduct new attacks.
Windows XP SP3 x86
Windows Server 2003 for x86
Windows Server 2003 for x64
Windows Vista x86 Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows 7 for 32-bit Service Pack 1
Windows 7 for x64 Service Pack 1
Windows 8.1 for 32-bit
Windows 8.1 for x64-based