On 12 May 2017, a still-unidentified group launched a cyber-attack (the ransomware became known as WannaCry) that infected more than 200,000 machines in 150 countries with crypto-locker ransomware. It arrived like a trojan but, once inside a network, spread on its own like a worm. The affected machines were running Windows systems that had not been patched, among them the unsupported Windows XP.
Windows XP is an unsupported version of Windows that no longer receives software updates from Windows Update. Microsoft describes those updates as follows: “include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows such as new drivers for your hardware”. Because of the scale of the attack, Microsoft nevertheless released an out-of-band patch for Windows XP on 13 May 2017.
The Shadow Brokers, a hacker group active globally, had earlier published a dump of National Security Agency (NSA) hacking tools, and that dump (April 2017) contained the exploit used in this attack. The exploit, ‘EternalBlue’, targets a flaw in the SMBv1 file-sharing protocol of Microsoft Windows. Microsoft had already fixed the flaw in March 2017 with security bulletin MS17-010, a month before the tools became public, so any machine that had installed that update was not exposed. The same leak also contained documents about NSA operations against SWIFT banking service bureaus, which is why the tools were widely linked to attacks on the banking system.
The attackers used this Windows vulnerability to drop the crypto-locker ransomware, trojan-style, onto the networks of enterprises in over 150 countries, including Britain’s National Health Service, FedEx, Deutsche Bahn, Renault, Telefónica and other large organisations.
What crypto-locker ransomware is and how it works
Crypto-locker ransomware is a trojan that targets computers, typically ones running Microsoft Windows. Historically it has been delivered through infected e-mail attachments sent out by an existing botnet; the May 2017 variant instead spread by itself across networks through the SMB vulnerability described above. Once active, the malware encrypts files stored on local and mounted network drives. It uses public-key cryptography in a hybrid (envelope) scheme: each file is encrypted with a freshly generated symmetric key, and that key is in turn encrypted with a public key whose private counterpart exists only on the attackers’ control servers, so nothing left on the victim’s machine can decrypt the files. The malware then displays a message offering to decrypt the data for a payment (in bitcoin or through a pre-paid cash voucher) and threatens to delete the private key once the deadline passes.
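The envelope scheme described above, shown as an added illustration (this is not code from Defenx, nor from any ransomware family): one in-memory byte array is encrypted with a random AES key, the AES key is wrapped with the “attacker’s” RSA public key, and only the matching private key can unwrap it. The sample content and the variable names are constructed for the example; nothing is written to disk. OAEP with SHA-1 is chosen because the CSP provider behind Windows PowerShell 5.1 supports no other OAEP variant; on PowerShell 7 OaepSHA256 works as well.

```powershell
# Added example, not Defenx's own code. Windows PowerShell 5.1 or PowerShell 7 on Windows.

# "Attacker" side: an RSA key pair. Only the public half is embedded in the malware;
# the private half never leaves the control server.
$serverRsa  = [System.Security.Cryptography.RSACryptoServiceProvider]::new(2048)
$malwareRsa = [System.Security.Cryptography.RSACryptoServiceProvider]::new()
$malwareRsa.ImportParameters($serverRsa.ExportParameters($false))   # $false = public parameters only

$padding = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA1   # portable choice, see lead-in

# "Victim" side: a fresh random AES-256 key for this one "file" (a constructed byte array),
# then the key is wrapped with the public key and the plaintext key is discarded.
$plaintext = [System.Text.Encoding]::UTF8.GetBytes('Constructed sample file content: Q2 invoices')
$aes = [System.Security.Cryptography.Aes]::Create()           # AES-256, CBC, PKCS7 by default
$aes.GenerateKey(); $aes.GenerateIV()
$ciphertext = $aes.CreateEncryptor().TransformFinalBlock($plaintext, 0, $plaintext.Length)
$wrappedKey = $malwareRsa.Encrypt($aes.Key, $padding)
$iv         = $aes.IV
$aes.Dispose()
# What a real locker would write back to disk: $ciphertext, $iv and $wrappedKey.

# Everything left on the victim's machine, the public key included, is useless for recovery:
try {
    $null = $malwareRsa.Decrypt($wrappedKey, $padding)
    'unexpected: the public key recovered the file key'
} catch {
    "Public key alone cannot unwrap the file key: $($_.Exception.Message)"
}

# Only the control server's private key unwraps the file key and recovers the data:
$fileKey = $serverRsa.Decrypt($wrappedKey, $padding)
$aes2 = [System.Security.Cryptography.Aes]::Create()
$aes2.Key = $fileKey; $aes2.IV = $iv
$recovered = $aes2.CreateDecryptor().TransformFinalBlock($ciphertext, 0, $ciphertext.Length)
[System.Text.Encoding]::UTF8.GetString($recovered)             # the original sample text
$aes2.Dispose(); $serverRsa.Dispose(); $malwareRsa.Dispose()
```

The point the script makes is the one that matters for defence: once the symmetric key has been wrapped and thrown away, the only route back to the data is the private key the attacker holds, or a copy of the files taken before the encryption happened.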
How to protect yourself from ransomware
Keep your operating system updated, so that vulnerabilities such as the one behind this attack are closed before they can be exploited. Configure a firewall and switch off network protocols you do not need: the exploit used here requires SMBv1 and TCP port 445 to be reachable. Don’t open e-mails and attachments from unknown senders; a single opened attachment can be enough for malware to propagate across the network.
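The first two pieces of advice as a concrete check on a Windows machine, added here as an example (it is not Defenx’s tooling). It looks for the March 2017 MS17-010 packages, disables the SMBv1 server component that the exploit needs, and blocks inbound port 445 on untrusted network profiles. The KB numbers are the original March 2017 release identifiers for Windows 7, 8.1, 10 and the later XP/2003 package; the firewall rule name is an arbitrary choice for this example. Run it in an elevated PowerShell session.

```powershell
# Added example, not Defenx's own tooling. Elevated PowerShell on the machine being checked.

# 1. Is one of the March 2017 MS17-010 packages installed?
#    Caveat: later cumulative updates supersede these KBs, so a fully patched machine may
#    list none of them. A "missing" result is a prompt to verify, not proof of exposure.
$ms17010 = 'KB4012212', 'KB4012215', 'KB4012213', 'KB4012216', 'KB4013429', 'KB4012598'
$installed = Get-HotFix | Where-Object { $ms17010 -contains $_.HotFixID }
if ($installed) { "MS17-010 package present: $($installed.HotFixID -join ', ')" }
else            { 'No MS17-010 package listed by Get-HotFix; confirm via Windows Update history' }

# 2. Remove the attack surface: the exploit only works against SMBv1, so turn it off.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    # Windows 8 / Server 2012 and later
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        'SMBv1 server disabled'
    } else { 'SMBv1 server already disabled' }
} else {
    # Windows 7 / Server 2008 R2: registry switch, takes effect after a reboot
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
        -Name SMB1 -Value 0 -Type DWord
    'SMBv1 disabled in the registry; reboot to apply'
}

# 3. Firewall: block inbound SMB on the Public and Private profiles. Domain file servers
#    keep 445 open on the Domain profile, which this rule deliberately leaves alone.
$ruleName = 'Block inbound SMB 445 (untrusted networks)'   # name chosen for this example
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Profile Public, Private -Action Block | Out-Null
}
Get-NetFirewallRule -DisplayName $ruleName | Select-Object DisplayName, Enabled, Profile, Action
```

The SMBv1 change is the one with side effects: very old devices (some printers, scanners and NAS boxes) only speak SMBv1, so check what still depends on it before rolling the change out fleet-wide.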
A simple local backup may not be enough: a backup on a mapped network share or an attached USB drive is just another drive to the ransomware, which will encrypt it along with everything else. Keeping a copy of your files in the cloud, with versioning, lets you restore the versions from before the infection once the ransomware has been removed, or onto a new device altogether.
How Defenx can help
Defenx provides anti-malware software that can protect against ransomware infections, and cloud backup with versioning and bulk-restore tools to make sure your files are safely stored. Anti-malware combined with versioned cloud backup is effective protection against ransomware: the first aims to stop the infection, the second guarantees a way back if it gets through.