What is Wanna Ransomware?
A new ransomware attack called ‘Wanna’ (also known as WannaCry, WCry, WanaCrypt, WanaCrypt0r, or Wanna Decrypt0r) is encrypting files and changing the extensions to: .wnry, .wcry, .wncry and .wncrypt.
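The extensions listed above can be used to triage a disk or file share. The following is an added example, not part of the original page: a Python script that walks a directory tree, counts files carrying one of those extensions per directory, and reports the earliest modification time among them. The function names are hypothetical, and treating the earliest modification time as a rough indication of when encryption began is an assumption.

```python
import os
import sys
from collections import defaultdict
from datetime import datetime, timezone

# Extensions the page lists for files renamed by Wanna.
WANNA_EXTENSIONS = (".wnry", ".wcry", ".wncry", ".wncrypt")


def scan_tree(root):
    """Return {directory: [(path, mtime), ...]} for files carrying a listed extension."""
    hits = defaultdict(list)
    # os.walk skips unreadable directories and does not follow symlinks by default.
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(WANNA_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; keep scanning
            hits[dirpath].append((path, mtime))
    return dict(hits)


def summarize(hits):
    """Return (total files, earliest mtime in UTC or None, [(directory, count)] busiest first)."""
    times = [mtime for files in hits.values() for _path, mtime in files]
    earliest = datetime.fromtimestamp(min(times), tz=timezone.utc) if times else None
    ranked = sorted(((d, len(f)) for d, f in hits.items()), key=lambda x: (-x[1], x[0]))
    return len(times), earliest, ranked


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    total, earliest, ranked = summarize(scan_tree(root))
    print(f"{total} file(s) with a Wanna extension under {root}")
    if earliest:
        # Assumption: the oldest modification time approximates when encryption began.
        print(f"earliest modification time: {earliest.isoformat()}")
    for directory, count in ranked:
        print(f"{count:6d}  {directory}")
```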
How much damage was done by it?
The attack started on Friday, 12 May 2017 and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries. The worst-hit countries are reported to be Russia, Ukraine, India and Taiwan, but parts of Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx, Deutsche Bahn, and LATAM Airlines were also hit, along with many other countries and companies worldwide.
How Do I Stay Protected?
Update all Windows environments as described in Microsoft Security Bulletin MS17-010. Whitelist any kill switch domains related to this attack. Update your endpoint software to ensure you have the latest protections for this threat.
How was it temporarily stopped?
Shortly after the attack began, a web security researcher who blogs as “MalwareTech” unknowingly flipped an effective kill switch by registering a domain name he found in the code of the ransomware. This slowed the spread of infection, but new versions have now been detected that lack the kill switch.
How does the Virus Spread?
Ransomware usually infects a computer when a user opens a phishing email and, although such emails have been alleged to be used to infect machines with WannaCry, this method of attack has not been confirmed.