Overview of the WannaCry ransomware - The world's most dangerous malicious code

WannaCry, a piece of ransomware, spread in a matter of hours and, by early counts, infected about 75,000 computers in 99 countries.

On May 12, 2017, a large-scale cyber attack, apparently built on exploit tools stolen from the US National Security Agency (NSA), hit organisations around the world, with about 75,000 computers infected with the WannaCry malware.

Sources said the attack was global in scale, affecting 99 countries including Britain, the United States, China, Russia, Spain, Italy and Taiwan.

What is WannaCry?

WannaCry is ransomware: it encrypts the files on a victim's computer so that the owner can no longer open them, then demands payment to restore access.

[Picture 1] WannaCry is not only ransomware; it is also a worm. (Artwork: Global Look Press)

How does WannaCry spread?

Ransomware usually gets onto a computer through a user action such as clicking a link or opening a downloaded file that carries the malicious code. Once running, it takes control of the machine and demands a ransom from the user. WannaCry is unusual in that it needs no such action: it reaches new machines on its own through the SMB flaw described below.

WannaCry encrypts the user's data and demands a ransom, paid in Bitcoin, in exchange for the key that would restore access to the encrypted files.

However, security experts warn that paying does not guarantee that the data comes back. Some ransomware, WannaCry included, raises the price after a few days and threatens to delete the files for good after a further deadline.

Ransomware takes different forms. Some variants lock the whole machine and show nothing but a ransom message; others throw up pop-ups that are hard or impossible to close, leaving the computer difficult or impossible to use. WannaCry belongs to the file-encrypting category.

How dangerous is WannaCry?

WannaCry is not only ransomware; it is also a worm. In other words, once it has infected one computer it scans for other reachable computers and copies itself to them, with no user action required, so a single infected machine can seed an entire network.

Ransomware of this kind evolves constantly, so there are many ways for it to break into computer systems or evade security software.

Several security companies have warned that WannaCry exploits a flaw in Windows' SMB file-sharing service that the US National Security Agency had discovered and that reached attackers through the stolen tool set mentioned above. Neither the NSA nor Microsoft had commented at the time of writing.

[Picture 2] Ransomware of this kind evolves constantly, so there are many ways for it to break into computer systems.

The file extensions the malware targets for encryption fall into the following groups:

  1. Common office formats (.ppt, .doc, .docx, .xlsx, .sxi).
  2. Less common and country-specific office formats (.sxw, .odt, .hwp).
  3. Archives and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
  4. Email messages and email databases (.eml, .msg, .ost, .pst, .edb).
  5. Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
  6. Source code and developers' project files (.php, .java, .cpp, .pas, .asm).
  7. Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
  8. Files used by graphic designers, artists and photographers (.vsd, .odg, .raw, .nf, .svg, .psd).
  9. Virtual machine files (.vmx, .vmdk, .vdi).

According to security experts, anyone hit by WannaCry should check www.nomoreransom.org, a project run jointly by law-enforcement agencies and well-known security companies such as Intel Security, Kaspersky Lab and Trend Micro, among others. When a decryption tool for a given ransomware family becomes available, the experts publish it there. Until such a tool exists, offline backups (point 5 below) remain the only reliable way to get the data back.

How to defend against WannaCry

  1. Make sure every computer runs security software with its anti-ransomware component enabled.
  2. Install Microsoft's official patch for MS17-010, which closes the SMB Server vulnerability exploited in this attack.
  3. For Windows XP (unsupported since 2014) and Windows Server 2003, Microsoft has released a separate emergency security patch; download and install it.
  4. Run a Critical Areas Scan with the Kaspersky Lab product to find an infection as early as possible (otherwise it will still be detected automatically, but this can take up to 24 hours).
  5. Back up data regularly to storage that is kept disconnected from the network and the Internet.

In addition, the Vietnam Computer Emergency Response Team (VNCERT) has asked agencies and organisations to monitor for and block connections to the WannaCry command-and-control servers and to load the indicators of this new ransomware into protective systems such as IDS/IPS and firewalls: 33 IP addresses of command-and-control (C&C) servers, 10 file names and 22 SHA-256 hashes. Organisations that cannot patch immediately should also disable SMBv1 and block inbound TCP port 445 from untrusted networks, which removes the path the worm uses to spread.
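The defensive steps above (patch check, SMB hardening) and the VNCERT indicator sweep can be combined into one host-side script. The following PowerShell is an added example written for this page; it is not code from the article, from Kaspersky Lab or from VNCERT. It assumes an elevated PowerShell session on Windows 7 or later. The MS17-010 KB numbers listed are the ones Microsoft issued for common builds and should be checked against the bulletin before relying on them; the C2 IP addresses and SHA-256 hashes in the script are constructed placeholders, because VNCERT's 33 addresses and 22 hashes are not reproduced on this page, and must be replaced with the real list. The .WNCRY extension check relies on the well-documented fact that WannaCry renames encrypted files with that suffix, which the article itself does not mention.

```powershell
# Added example (not from the article, Kaspersky Lab or VNCERT): WannaCry exposure check
# and indicator sweep for a single Windows host. Run in an elevated PowerShell session.

# MS17-010 KB numbers for common builds (verify against the Microsoft bulletin). On Windows 10
# the monthly cumulative update supersedes these, so a miss there is inconclusive on its own.
$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2 (security-only / rollup)
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012598',                            # out-of-band patch for XP / Server 2003 / Vista / 2008 / 8
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607
)

# Constructed placeholders, NOT real indicators: replace with the VNCERT list.
$C2Ips     = @('192.0.2.10', '198.51.100.23')
$IocSha256 = @('0000000000000000000000000000000000000000000000000000000000000000')

function Test-Ms17010Patch {
    # Returns the first MS17-010 KB found on the host, or $null if none is installed.
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $Ms17010Kbs) { if ($installed -contains $kb) { return $kb } }
    return $null
}

function Get-Smb1Status {
    # The server side of SMBv1 is what the MS17-010 exploit hits; the client side is irrelevant here.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / 2008 R2 have no SMB cmdlets; the registry value SMB1 governs it (absent = enabled).
    $p = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $v = Get-ItemProperty -Path $p -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $v -or $v.SMB1 -ne 0)
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        $p = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $p -Name SMB1 -Type DWord -Value 0 -Force   # takes effect after reboot
    }
}

function Add-Smb445BlockRule {
    # Block inbound SMB on non-domain networks; the domain profile is left alone so file servers keep working.
    New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445) - WannaCry' -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block -Profile Public, Private | Out-Null
}

function Find-WannaCryIoc {
    param([string[]]$Roots = @($env:SystemRoot, $env:ProgramData, $env:TEMP))
    $hits = @()
    foreach ($f in Get-ChildItem -Path $Roots -Recurse -File -ErrorAction SilentlyContinue) {
        # Encrypted files get a .WNCRY extension; that alone is a strong signal of an active infection.
        if ($f.Extension -eq '.WNCRY') { $hits += [pscustomobject]@{ Type = 'Extension'; Value = $f.FullName }; continue }
        if ($f.Length -gt 50MB) { continue }   # the dropper is small; skip big files to keep the sweep quick
        $h = (Get-FileHash -Path $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if ($IocSha256 -contains $h) { $hits += [pscustomobject]@{ Type = 'Hash'; Value = $f.FullName } }
    }
    # Live TCP sessions to a known command-and-control address.
    foreach ($c in Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue) {
        if ($C2Ips -contains $c.RemoteAddress) {
            $hits += [pscustomobject]@{ Type = 'C2'; Value = "$($c.RemoteAddress):$($c.RemotePort) pid $($c.OwningProcess)" }
        }
    }
    return $hits
}

# Read-only checks first; set $Remediate = $true to apply the hardening steps.
$Remediate = $false
$kb = Test-Ms17010Patch
if ($kb) { "MS17-010: $kb installed" } else { "MS17-010: not found (inconclusive on Windows 10)" }
"SMBv1 server enabled: $(Get-Smb1Status)"
if ($Remediate) { Disable-Smb1; Add-Smb445BlockRule; "SMBv1 disabled and TCP 445 blocked; reboot to finish" }
Find-WannaCryIoc | Format-Table -AutoSize
```

The script deliberately separates detection from remediation: the hash and .WNCRY sweep and the C2 connection check are safe to run on any host, while disabling SMBv1 and adding the firewall rule can break legacy file sharing and are gated behind `$Remediate`. A host that shows no MS17-010 KB but is up to date on cumulative updates is not necessarily vulnerable, which is why the SMBv1 status is reported alongside the patch check rather than instead of it.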