comscore WannaCry Ransomeware attack: From shut ATMs to Dance of Hillary videos, don’t pay heed to these fake WhatsApp messages
News

WannaCry Ransomeware attack: From shut ATMs to Dance of Hillary videos, don’t pay heed to these fake WhatsApp messages

Don't believe fake WhatsApp forwards but rather understand what WannaCry Ransomeware is all about.

whatsapp-hacking

WannaCry or WannaCrypt Ransomeware is all we see people talking about this week. The cyber attack which started affected computers last Friday continues to spread in full swing and despite there being a patch by Microsoft, thousands of computers remain affected. The ransomware gives the hackers access to the complete system with all data – and in order to once again access their computers, users are asked to pay $300 to $600 (between Rs 9,000 and Rs 38,000) worth bitcoins in ransom. Also Read - Big threat for Google, Twitter, WhatsApp, and LinkedIn users

Also Read - WhatsApp launches new program to help organisations build solutions for healthcare issues

As with every new threat, WhatsApp spammers are having a field day. There have been multiple messages shared over the messaging app, warning users to stay safe. While most of the messages give users a gist of what the attack is all about and ask them to follow certain measures, many are off the mark and completely ridiculous. Apart from warning users about the possible threats, there are even other “sources of malware” listed in the messages which are completely fake and could mislead readers. Here’s a list of all the fake messages circulating on WhatsApp: Also Read - WhatsApp adds new durations to Disappearing messages feature: Here's how to enable

1. No money withdrawls: While the message below does contain some true facts, most of it is misrepresented though. Over 150 countries have been affected, not merely 74. Also, banks are yet to issue an official statement regarding ATMs or other services. ALSO READ: WannaCry Ransomware attack tracker shows real-time map of affected devices worldwide

Here’s what one of the messages doing the rounds says: “Stay tunned with latest news for updates…Also keep antivirus ON and do not operate bank n shopin sites or pay utility through mobile hold on for today before doin nythin…..Massive Ransomeware attack…Total 74 countries affected…Please do not open any email which has attachments with *”tasksche.exe”* file. Please send this important message to all your computer users ATM ‘s will be closed for next 2-3 days probably, due to ransomware cyber attack within India. So, if you need then please withdraw money today for rest of week atleast. Don’t do any online transactions today. Please inform all contacts from your list not to open a video called the “Dance of the Hillary”. It is a virus that formats your mobile. Beware it is very dangerous. Fwd this msg to as many as you can!

Except africa all country’s IT companies r hacked. Don’t open any shopping carts today.

Please inform all contacts from your list not to open a video called the “Dance of the Hillary”. It is a virus that formats your mobile. Beware it is very dangerous. They announced it today on BBC radio. Fwd this msg to as many as you can!”

2. Dance of Hillary: The below message claiming a Dance of Hillary video file doing rounds is fake. The Dance of Hillary is simply a renaming of Dance of Pope virus that circulated on smartphones. Though it is always advisable to exercise caution before downloading any file, this time around, this warning is a fake.

“Please inform all contacts from your list not to open a video called the “Dance of the Hillary”. It is a virus that formats your mobile. Beware it is very dangerous. They announced it today on BBC radio. Fwd this msg to as many as you can!

Massive Ransomeware attack…Total 74 countries affected…Please do not open any email which has attachments with *”tasksche.exe”* file.”

The messages above are the main ones doing rounds. There is also another message circulating which explains the new malware in detail and is pretty accurate in the description:

“What is Ransomware?

And How to be aware!

True Information Here,

————————

Ransomware is a malicious software that encrypts the files and locks device, such a

a computer, tablet or smartphone and then demands a ransom to unlock it. Recently, a

dangerous ransomware named ‘Wannacry’ has been affecting the computers worldwide

creating the biggest ransomware attack the world has ever seen. This has affected

computers in India also.

What is WannaCry Ransomware?

——————————-

WannaCry ransomware attacks windows based machines. It also goes by the name

WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY.It leverages SMB exploit in

Windows machines called EternalBlue to attack and inject the malware. All versions of

windows before Windows 10 are vulneable to this attack if not patched for MS-17-010.

After a system is affected, it encrypts the files and shows a pop up with a countdown and

instructions on how to pay the 300$ in bitcoins to decrypt and get back the original files. If

the ransom is not paid in 3 days, the ransom amount increases to 600$ and threatens the

user to wipe off all the data. It also installs DOUBLEPULSAR backdoor in the machine.

What can you do to prevent infection?

—————————————-

Microsoft has released a Windows security patch MS17-010 for Winodws machines.

This needs to be applied immediately and urgently.

Remove Windows NT4, Windows 2000 and Windows XP-2003 from production

environments.

Block ports 139, 445 and 3389 in firewall.

Avoid clicking on links or opening attachments or emails from people you don’t

know or companies you don’t do business with.

SMB is enabled by default on Windows. Disable smb service on the machine by

going to Settings > uncheck the settings > OK

Make sure your software is up-to-date.

Have a pop-up blocker running on your web browser.

Regularly backup your files.

Install a good antivirus and a good antiransomware product for better security.

File Names:

@Please_Read_Me@.txt

@WanaDecryptor@.exe

@WanaDecryptor@.exe.lnk

Please Read Me!.txt (Older variant)

C:\WINDOWS\tasksche.exe

C:\WINDOWS\qeriuwjhrf

131181494299235.bat

176641494574290.bat

217201494590800.bat

[0-9]{15}.bat #regex

!WannaDecryptor!.exe.lnk

00000000.pky

00000000.eky

00000000.res

C:\WINDOWS\system32\taskdl.exe

All must be aware of Massive Ransomeware attack…..Please do not open any email which has attachments with tasksche.exe. file… Pl spread across all possible groups and branches… Not to open email attachments from unknown sources and update AV patch urgently.”

 

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: May 16, 2017 2:15 PM IST



new arrivals in india

Best Sellers