All versions of Windows including Windows XP, Windows Vista, Windows
7, Windows 8 and Windows 10.
Malicious software or "ransomware" has been used in a massive hacking
attack, affecting tens of thousands of computers worldwide. Software
security companies said a ransomware worm called "WannaCry" infected
about 57,000 computer systems in 99 countries on Friday, with Russia,
Ukraine, and Taiwan being the top targets.
The hack forced British hospitals to turn away patients, affected
Spanish companies such as Telefonica, and threw other government
agencies and businesses into chaos.
Ransomware is a programme that gets into your computer, either by
clicking or downloading malicious files. It then holds your data as
Some security researchers say the infections in the case of WannaCry
seem to be deployed via a worm, spreading by itself within a network
rather than relying on humans to spread it by clicking on an infected
The programme encrypts your files and demands payment in order to
Security experts warn there is no guarantee that access will be
granted after payment.
Some forms of ransomware execute programmes that can lock your
computer entirely, only showing a message to make payment in order to
log in again.
Others create pop-ups that are difficult or impossible to close,
rendering the machine difficult or impossible to use.
WannaCry is a form of ransomware that locks up files on your computer
and encrypts them in a way that you cannot access them anymore. It
targets Microsoft's widely used Windows operating system. When a
system is infected, a pop-up window appears with instructions on how
to pay a ransom amount of $300. The pop-up also features two countdown
clocks; one showing a three-day deadline before the ransom amount
doubles to $600; another showing a deadline of when the target will
lose its data forever.
Payment is only accepted in bitcoin.
The ransomware's name is WCry, but analysts are also using variants
such as WannaCry.
A hacking group called Shadow Brokers released the malware in April
claiming to have discovered the flaw from the US' National Security
Agency (NSA), according cyber-security providers.
The effected PCs should be
immediately disconnected from the network.
Contact your virus guard providers/ Security Vendors for necessary
As an immediate action, email attachments should be blocked relating
to following files but not limited to .pdf (encapsulating a .js
Have all files backed up in a completely separate system.
This ransomware targets all versions of Windows including Windows XP,
Windows Vista, Windows 7, Windows 8 and Windows 10.
Clients should ensure that they are patched on MS17-010.
Disable the outdated protocol SMBv1.
Isolate unpatched systems from the larger network Recovery:
As of now, there are no know recovery methods available.
Do not try to pay the ransom
Ensure you have smart screen (in Internet Explorer) turned on, which
helps identify reported phishing and malware websites and helps you
make informed decisions about downloads
Have a pop-up blocker running on your web browser
Regularly backup your important files
FinCSIRT Sri Lanka http://www.aljazeera.com/news/2017/05/ransomware-avoid-170513041345145.html
The information provided here in is on "as is" basis, without warranty
of any kind.