WannaCry 3.0 Ransomware
[Updated on 17th May 2017] Here’s the detailed guide on how to protect your system from WannaCry Ransomware in future.
WannaCry 3.0 Ransomware is now infecting systems worldwide. Reports suggest WannaCry links to Lazarus Group and the origin of attack was North Korea. Read this report now to find out more about WannaCry 3.0 and the similar codings (Contopee) of Lazarus Group. This group was responsible for the attack on Sony Pictures & a robbery of $81M on a Bangladeshi Bank in 2014!
Thanks to Marcus Hutchins who stopped the wave of WannaCry Ransomware by providing the decryption key! But is this going to be enough? Is this going to stop the cyber criminals from trying something new? NO! It’s not enough! WannaCry 3.0 is already on the roll and it seems like WannaCry 2.0 was just a test to know the working of latest version!
Camaeio founder, Matthieu Suchie has spotted the latest version of WannaCry Ransomware which was not spotted by Kaspersky Lap. This latest version was found from the newly infected system which was a “Kill Switch Version.”
Why Did WannaCry Had Kill Switch?
Many of you got in a misconception that the hackers might have failed to remove the Kill Switch from WannaCry Ransomware but that’s not true! It wasn’t an attacker conscience. It was just done to bypass the antivirus security tools installed in the system. As said earlier, the WannaCry 2.0 was just a test and the original version which is WannaCry 3.0 is already infecting the systems worldwide again!
“This level of sophistication is something that is not generally found in the cybercriminal world. It’s something that requires strict organization and control at all stages of operation. That’s why we thing that Lazarus is not just another advanced persistent threat actor,” said Kaspersky. They also found that the cyber attacks were originating from North Korean IP addresses. Here’s the detail about the linking of Lazarus Group & WannaCry.
Matthieu Suchie reported (on 15th May 2017) that WannaCry Ransomware links to Lazarus Group. It was observed that the coding of WannaCry and Contopee were quite similar. It might not be wrong to say that the Lazarus Group is somewhere involved in developing the WannaCry Ransomware. Here’s the proof in the image below by Matthieu Suchie indicating the link between Lazarus Group & WannaCry. This similarity was first found by Neel Mehta, a Google Security Researcher.
Experts also say that, “Just because the coding of both the cyber attacks are similar doesn’t mean that a particular group is involved in it. It might be another group that is using the Lazarus Group’s code to confuse the experts and hide their identity. In the recent version of WannaCry the code doesn’t appear anymore according to Kaspersky’s latest blog post.
Recommended Read: Latest Ransomware Decryptor Tools of 2017
Customer Guidance for WannaCry Attack by Ransomware
You simply can’t blame Microsoft for the attack. It’s your responsibility to update the systems to the latest Microsoft Windows version to stay away from such attacks. In an email received by Microsoft, they have clearly mentioned that if you have turned on the automatic updates of Windows Defender and installed the security update released by them in March are not affected by this WannaCry Ransomware attack. Here’s what they sent in an email, have a glimpse at it.
Though the security updates by Microsoft might have installed, there might be chances of Ransomware encrypting in your system if you don’t activate the Windows Defender. So ensure that you update the security installations time to time and also upgrade to Windows 10 Home or Windows 10 Pro now! Here’s the detailed guide written by Microsoft.
They will also be conducting a webinar to create awareness among the people who are still not aware about the WannaCry Ransomware attack. And this webinar will be useful for those who have plenty of queries regarding their systems, upgradation, WannaCry Ransomware and lots more. In an email received by Microsoft, they said ” You may want to join the Webinar on Wannacry Attack Q&A, 22nd May, 11am, Join here. Email: Please write to us firstname.lastname@example.org. Our team will respond to you on priority.”
Should YOU Be Worried About WannaCry 3.0?
There’s no Kill Switch’s perfect version of WannaCry Ransomware available says Costin Raiu, the Director of Global Research & Analysis Team of Kaspersky Lab. Matthieu Suiche said that WannaCry 3.0 version is just a part of the operation which is not lethal and it doesn’t have any security threat. So does this indicate that you are safe from WannaCry 3.0? Most probably Yes and No both! But ensure that you are aware of Cerber Ransomware which is the most dangerous one in all the Ransomware family.
As of now, there’s nothing much to worry about this latest WannaCry Ransomware but it doesn’t take much time turn the cards around. So it is advised to be safe by installing the latest patches of WannaCry Ransomware. Meanwhile, you can keep a track on real time WannaCry Ransomware infected systems worldwide. This will give you enough idea if there’s a sudden increase in infected systems. In short, if something like that happens, the WannaCry 3.0 wave is all set to start again! So beware and be safe! Stay tuned to ransomware news for more information on WannaCry Ransomware!