All About Computers – Kaspersky Lab’s anti-virus company analyzing the WannaCry ransomware attack launched on a large scale since May 12 last. Kaspersky detected at least 45 thousand infections carried out in 74 countries.
Of all the attacks, Kaspersky found that most of the infections took place in Russia. In the list of the top five countries most exposed judi poker online to WannnaCry ransomware attacks, Kaspersky noted Ukraine in second place, followed by India, Taiwan, and Tajikistan. While Indonesia is not included in the list of the top 20 countries most affected by cyber attacks WannaCry.
Kaspersky Lab describes WannaCry’s ransomware infecting victims by exploiting Windows operating system vulnerabilities. When in the system, the attacker installs a rootkit so they can download the software to decrypt the data.
Furthermore malware will encrypt the files in the device. A redemption request of USD 600 in the form of bitcoin is also displayed which increases over time. While the tool or exploit tool used is called “Eternal Blue” and is available on the internet thanks to the hacking action performed by Shadowbrokers on April 14th. This tool is reportedly stolen from the United States security agency (NSA).
In an official statement, Kaspwesky Lab security team managed to detect the malware used in this attack. A number of names detected include:
– Trojan.Win32.Generic (System Watcher component must be enabled)
Experts Kaspersky Lab explains currently trying to understand whether it is possible to decrypt the data that was locked because of the attack. The goal is of course to help the victims by developing the decryption tool as soon as possible.
Meanwhile, Kaspersky Lab also revealed a number of tips to avoid WannaCrypt infection, among others:
1. Install the official patch from Microsoft to cover the vulnerabilities used in the attack.
2. Make sure the security solution is enabled on all nodes in the network.
3. If using Kaspersky Lab solution, make sure the solution includes the System Watcher feature, the proactive behavior detection component, and the feature has been enabled.
4. Run the Critical Area Scan process in Kaspersky Lab solution to detect, possible infection as soon as possible (otherwise it will be detected automatically, if not turned off, within 24 hours).
5. Reboot the system after detecting MEM: Trojan.Win64.EquationDrug.gen
6. Use Customer-Specific Threat Intelligence Reporting service