War and Wardrobe
Across the world, the creepy ransomware WannaCry has brought many citizens to tears with its atrocities. This year alone, the rate of ransomware attacks has increased. The 'NMR - No More ransomware' project, initiated by Europol and other security agencies to scrutinise the ransomware threat, stopped various ransomware strains in earlier days. But with WannaCry, many security researchers were working to stop it.
As in the movie Enthiran, a security researcher behind the Twitter handle 'MalwareTech' accidentally discovered a kill switch for WannaCry. But unfortunately, WannaCry 2.0 has arrived as an update to WannaCry without any kill switch. The discovered kill switch had stopped the ransomware from spreading further. The new version, however, has undone the researcher's entire hard work.
Some security researchers have claimed that there are more samples of WannaCry, some with different 'kill-switch' domains and some without any kill-switch function, that continue to infect unpatched computers. To date, around 237,000 computers in 150 countries around the world have been infected with the ransomware. In other countries, such as the United Kingdom, the United States and ninety-seven others, the attack fell mainly on the business, health and telecom sectors. But in India, hackers targeted and infected hundreds and thousands of computers in police departments and at famous automobile manufacturers.
Yesterday, the ransomware infected a few systems of the police department in Andhra Pradesh. Later in the evening, actors attacked the computers of the Maharashtra police department. And today, it has been heard that the Ministry of Electronics and Information Technology (MeitY) advised government bodies including RBI, National Payments Corporation of India, NIC and UIDAI (Aadhaar) to protect their systems from 'WannaCry'. It has also instructed the authorities to ensure the safety of digital payment systems.
How far has it spread?
WannaCry is a ransomware designed by an unknown hacker or actor group to infect vulnerable Microsoft computers and encrypt the files on them. It is believed that the ransomware uses the same EternalBlue SMB exploit which the CIA used earlier to spy on and crack vulnerable Microsoft systems. As soon as the ransomware infects a system, the malware starts to scan for other vulnerable computers connected to the same network. The SMB exploit became quite popular when a collection of hacking tools was leaked on the internet by the famous 'The Shadow Brokers'.
Edward Snowden, the renowned whistleblower, said, 'If NSA had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened.'
'hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com'
Researchers say, 'The above-mentioned domain keeps WannaCry spreading like a worm; if the connection to this domain fails, the SMB worm proceeds to infect the system.' But MalwareTech registered the domain in question and created a sinkhole, a tactic researchers use to redirect traffic from infected machines to a self-controlled system.
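The same kill-switch lookup gives defenders a signal: any host that asks DNS for this domain has run WannaCry, and a failed lookup means the worm went on to spread from that host. The triage below is an added example, not code from this article or from MalwareTech; the log layout, the sample lines and the names `refang_host` and `triage` are assumptions, and a successful DNS answer only approximates a successful connection.

```python
import re
from collections import defaultdict

# Defanged indicator exactly as printed in the article.
DEFANGED = "hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com"

def refang_host(indicator):
    """Turn a defanged URL into a lowercase hostname for log matching."""
    url = indicator.replace("hxxp", "http", 1).replace("[.]", ".")
    return re.sub(r"^https?://", "", url).split("/")[0].lower()

KILL_SWITCH = refang_host(DEFANGED)
FAILED = {"NXDOMAIN", "SERVFAIL", "REFUSED", "TIMEOUT"}

# Constructed sample log; the layout "time client qname qtype rcode" is assumed.
SAMPLE_LOG = """\
2017-05-15T09:58:02Z 10.0.4.17 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. A NXDOMAIN
2017-05-15T09:58:40Z 10.0.4.22 www.example.com. A NOERROR
2017-05-15T10:03:11Z 10.0.7.5 WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM A NOERROR
2017-05-15T10:04:19Z 10.0.4.17 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. A NXDOMAIN
malformed line
"""

def triage(log_text, domain=KILL_SWITCH):
    """Map each client that looked up the kill switch to a triage status."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed layout
        _, client, qname, _, rcode = parts
        if qname.rstrip(".").lower() == domain:
            seen[client].add(rcode.upper())
    result = {}
    for client, rcodes in seen.items():
        # A failed lookup means the check could not succeed at least once,
        # so the worm may have started scanning: isolate these hosts first.
        if rcodes & FAILED:
            result[client] = "infected, kill switch unreachable"
        else:
            result[client] = "infected, kill switch resolved"
    return result

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_LOG).items()):
        print(host, status)
```

Hosts in the first category deserve isolation first, since their neighbours on the same network may already have been scanned.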
Like a blue liquid, the ransomware's spread keeps increasing. Regarding this, we contacted a tech enthusiast, Jagath Raja. He said, 'The new ransomware is spreading like a worm. And I should say that we are in a critical situation. Though if you pay the ransom, there is cent percent assurance that you will get your data back, because your leaked data is there in the cloud controlled by the actor. In case he/she leaks it, then your privacy is in danger. Changing the operating system may help to bring the system to safe mode, but the lost data can't be recovered. And you have to remember that your data is there in the hacker's control. And it may lead to a privacy issue if the actor leaks it.'