Thursday, 1 June 2017

WannaCry Ransomware (wasooli virus)

Over the last 2 or 3 months, 99 countries have reported a ransomware virus called WannaCry. All 99 countries reported this virus at the same time. Many public places like hospitals and banks have lost their data because of this ransomware.

What is a Ransomware Virus?

A ransomware virus is software that encrypts some of the files on a device. The encryption is so hard to break that we can say these viruses are unbreakable without the correct private key (password). That's why this kind of virus is very dangerous. You cannot get the password until you pay a ransom (payment), and even then there is no guarantee that your data will be recovered.

Most ransomware does not use good encryption, and a good technician or ethical hacker can break it. But some, like WannaCry, use powerful encryption which is hard to break.

Procedure of Attack

A ransomware attack needs the victim's participation: if you are the victim, then you must have downloaded something malicious, such as software, a PDF or porn.

First, the malicious file needs a cover to hide behind, such as something that looks useful or entertaining. Once it reaches the victim's device, it should ask for your permission to install and encrypt, but because it is malicious it installs by itself when you open the file.

Once it's installed, it starts encrypting your computer's files. It takes some time to encrypt a file, so if you have lots of data it may take longer. Once it finishes, it changes your theme and the file format.

It works in the following steps:
  1. Attacker to Victim: The attacker generates a key pair, consisting of a private key and a public key. The public key is built into the malicious software, and then the attacker releases it.
  2. Victim to Attacker: The malware generates a symmetric key to encrypt the victim's data, using the provided public key. Once this is done, the result is a small asymmetric ciphertext together with the encrypted victim's data. After this, it zeroizes the symmetric key and the plaintext data to prevent any type of recovery. A message pops up with the asymmetric key, asking for payment and describing the payment procedure. Usually, the payment is made in bitcoin on an onion-hosted (unindexed) site. As a general step, the victim needs to send the encrypted key.
  3. Attacker to Victim: Once the payment procedure is done, the attacker sends the private key for the public key to decrypt the data.
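From the defender's side, the encryption step described above leaves a measurable trace: file contents become near-random and the header of the original format disappears. The following check is an added example, not part of the original post; the 7.5 bits-per-byte threshold, the file names and the sample contents are constructed assumptions.

```python
import hashlib
import math
import os
from collections import Counter

# Assumed cut-off: encrypted data sits close to 8 bits of entropy per byte.
ENTROPY_THRESHOLD = 7.5
# Leading bytes a few formats always start with (PDF, JPEG, ZIP-based DOCX).
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    """Flag near-random content that lacks the header its extension implies."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None and data.startswith(magic):
        return False  # header intact: compressed formats are high-entropy too
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def scan(files: dict) -> list:
    """Return the sorted names of files whose content looks encrypted."""
    return sorted(name for name, data in files.items() if looks_encrypted(name, data))

# Constructed sample data: a hash stream stands in for encrypted content.
_RANDOM = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
SAMPLES = {
    "report.txt": b"Quarterly report: revenue and costs.\n" * 100,  # plain text
    "photo.jpg": b"\xff\xd8\xff\xe0" + _RANDOM,  # compressed, header intact
    "invoice.pdf": _RANDOM,                      # header gone, random content
    "letter.docx": _RANDOM,                      # header gone, random content
}

if __name__ == "__main__":
    print(scan(SAMPLES))
```

A sudden rise in the number of flagged files under a user's documents folder is the signal worth alerting on; a single high-entropy file on its own is not.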


WannaCry was launched on 12th May 2017 and in such a short time it infected more than ...... devices. It attacks Windows-based computers. This virus was launched in 99 countries and no one knows the centre of these attacks. Windows is also working on updates against this virus.
It asks for $300 from each victim. The attackers chose their victims wisely: people or organizations who really need their data are the first priority. These attacks do not encrypt all the data, only some of the victim's files, such as personal documents, images, files etc.

