We are under attack! You can neither run nor hide. No system is secure. No file is untouchable! The virus has spread like wildfire. More than 99 countries have been brought to their knees. And worst of all: there is no cure!

The statement above sounds like a typical line narrated by a Morgan Freeman-like character at the beginning of a sci-fi movie. But truth be told, it is actually happening in the real world. A dangerous ransomware called Wanna Cry Ransomware has wreaked havoc across the entire globe, hitting as many as 200,000 systems in over 150 countries. Wanna Cry is by far the most severe malware attack to occur in 2017. The UK has been the worst victim of this attack, where computers of the National Healthcare System were compromised. But before we explain how dangerous Wanna Cry Ransomware is, it’s important to understand what ransomware actually is.


By User:Roke – File:BlankMap-World-v2.png, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=58863465

Ransomware is malware that, once installed or executed on a victim’s system, encrypts important files and denies their users access to them. The ransomware then demands money (a ransom) from the victim in exchange for the decryption key. This amount is usually paid via untraceable Bitcoins to anonymous hackers. If the victims fail to pay the desired amount, the data is lost forever. But even after paying the amount, there is no guarantee that the data will be recovered. So, if your system has been hit by ransomware, it’s better to bid goodbye to your precious data than to pay the hackers.

Ransomware exploits vulnerabilities in the victim’s operating system to take charge. Wanna Cry ransomware takes advantage of a Windows vulnerability called EternalBlue, which lies in the SMB 1.0/CIFS File Sharing protocol that, in layman’s terms, enables file sharing between computers on a network in Windows. At the moment, the ransom amount demanded to unlock a file is $300, to be paid in Bitcoins. The hackers have warned that the ransom amount will go up.


Since a large chunk of affected systems run on Windows, Microsoft has released a patch for the latest Windows 10 operating system that is compulsory for users to download. Along with the patch, Microsoft has also released a guide to manually disable EternalBlue for users who are unable to install the patch. You can find the link below this article. We at Xtrascoop advise you to visit the site for the same.
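One way to carry out the manual step described above, as an added example (not taken from this article or from Microsoft’s guide): a PowerShell script that reports whether SMB 1.0 is enabled and, when run with the hypothetical `-Apply` switch, turns it off. It assumes an elevated PowerShell prompt; the switch name and the report field names are this example’s own.

```powershell
# Added example: audit SMB 1.0 on this machine and, with -Apply, disable it.
# Run from an elevated PowerShell prompt. Without -Apply nothing is changed.
param([switch]$Apply)

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$report = [ordered]@{}

# 1. SMB server side. Windows 8 / Server 2012 and later expose a cmdlet for it.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $report['ServerSMB1Enabled'] = (Get-SmbServerConfiguration).EnableSMB1Protocol
    if ($Apply -and $report['ServerSMB1Enabled']) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
} else {
    # Older systems keep the setting in the registry; a missing value means enabled.
    $value = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $report['ServerSMB1Enabled'] = ($null -eq $value) -or ($value -ne 0)
    if ($Apply -and $report['ServerSMB1Enabled']) {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0 -Force
    }
}

# 2. The "SMB 1.0/CIFS File Sharing Support" Windows feature, where it exists.
if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue
    if ($feature) {
        $report['FeatureState'] = $feature.State
        if ($Apply -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
                Out-Null
        }
    }
}

# Show the state that was found before any change was made.
[pscustomobject]$report
if ($Apply) {
    Write-Output 'SMB 1.0 was disabled wherever it was enabled; reboot to complete the change.'
}
```

Run it once without `-Apply` to see the current state, then again with `-Apply`; older devices on the network that only speak SMB 1.0 will lose access to shares on this machine afterwards.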

Symantec has also released a list of file types currently affected by Wanna Cry Ransomware. The list contains almost every important file type you can think of.

  • .123
  • .3dm
  • .3ds
  • .3g2
  • .3gp
  • .602
  • .7z
  • .ARC
  • .PAQ
  • .accdb
  • .aes
  • .ai
  • .asc
  • .asf
  • .asm
  • .asp
  • .avi
  • .backup
  • .bak
  • .bat
  • .bmp
  • .brd
  • .bz2
  • .cgm
  • .class
  • .cmd
  • .cpp
  • .crt
  • .cs
  • .csr
  • .csv
  • .db
  • .dbf
  • .dch
  • .der
  • .dif
  • .dip
  • .djvu
  • .doc
  • .docb
  • .docm
  • .docx
  • .dot
  • .dotm
  • .dotx
  • .dwg
  • .edb
  • .eml
  • .fla
  • .flv
  • .frm
  • .gif
  • .gpg
  • .gz
  • .hwp
  • .ibd
  • .iso
  • .jar
  • .java
  • .jpeg
  • .jpg
  • .js
  • .jsp
  • .key
  • .lay
  • .lay6
  • .ldf
  • .m3u
  • .m4u
  • .max
  • .mdb
  • .mdf
  • .mid
  • .mkv
  • .mml
  • .mov
  • .mp3
  • .mp4
  • .mpeg
  • .mpg
  • .msg
  • .myd
  • .myi
  • .nef
  • .odb
  • .odg
  • .odp
  • .ods
  • .odt
  • .onetoc2
  • .ost
  • .otg
  • .otp
  • .ots
  • .ott
  • .p12
  • .pas
  • .pdf
  • .pem
  • .pfx
  • .php
  • .pl
  • .png
  • .pot
  • .potm
  • .potx
  • .ppam
  • .pps
  • .ppsm
  • .ppsx
  • .ppt
  • .pptm
  • .pptx
  • .ps1
  • .psd
  • .pst
  • .rar
  • .raw
  • .rb
  • .rtf
  • .sch
  • .sh
  • .sldm
  • .sldx
  • .slk
  • .sln
  • .snt
  • .sql
  • .sqlite3
  • .sqlitedb
  • .stc
  • .std
  • .sti
  • .stw
  • .suo
  • .svg
  • .swf
  • .sxc
  • .sxd
  • .sxi
  • .sxm
  • .sxw
  • .tar
  • .tbk
  • .tgz
  • .tif
  • .tiff
  • .txt
  • .uop
  • .uot
  • .vb
  • .vbs
  • .vcd
  • .vdi
  • .vmdk
  • .vmx
  • .vob
  • .vsd
  • .vsdx
  • .wav
  • .wb2
  • .wk1
  • .wks
  • .wma
  • .wmv
  • .xlc
  • .xlm
  • .xls
  • .xlsb
  • .xlsm
  • .xlsx
  • .xlt
  • .xltm
  • .xltx
  • .xlw
  • .zip

On Saturday, a 22-year-old security researcher named Marcus Hutchins inadvertently slowed the spread of the WannaCry virus when he registered a domain name hidden within the virus’ code in an attempt to track its spread, unintentionally stopping its progress in the process. However, even he acknowledges that it is a temporary solution and that the makers of Wanna Cry Ransomware will find a way around it. Hence, it is of utmost importance that our readers take the following precautions:

  • Do NOT open any suspicious emails that have links to other sites or attached files to download. Since time immemorial, emails have been the go-to method of spreading malware and viruses.
  • It’s wise to keep periodic backups of your important files in safe, offline storage.
  • If you have been affected by the Wanna Cry Ransomware attack, do NOT pay the money to the hackers. There is absolutely no guarantee that your files will be recovered.
  • If you are on a home network, disconnect your affected system from all the others.
  • For the time being, do NOT connect pen drives and external storage devices to public systems.
  • Do NOT connect to free/public WiFi networks at airports, railway stations, coffee houses, etc.
  • Do NOT download pirated programs or games: apart from being illegal, they may also house the Wanna Cry Ransomware.

Antivirus and other security companies are working tirelessly to find the decryption algorithm for the attack. Until then, the only way to stop the further spread of this ransomware is to take the necessary precautions and inform others about them. We at Xtrascoop have never asked readers to share an article. But this time, we request our readers to share this article on their walls, groups, Twitter, WhatsApp and any other media to strengthen the defense against this heinous attack.

Disabling EternalBlue in Windows