Ransomware WannaCrypt

Oh hello guys, today I want to talk a bit about the WannaCrypt ransomware, also known as WannaCry or the RansomEncrypt virus.

So first thing, for those who don't understand computers at all: "ware" is short for software. Usually a name combined with "ware" defines what type of software virus the thing is.

For example:

Malware means it is the malicious type that will eat everything, destroy everything.

Adware, the type that involves advertisements.

Trojanware (commonly known as Trojan horses), the type that attacks specified files in the system.

Spyware gathers intel; as the name says, spying. Haha.

Keyware (commonly known as keylog/keylogger/logger), the type that just steals whatever is typed on the keyboard.

So, ransomware. What is it? Ransom. It is the type of virus that uses a ransom to demand money.

And now, Ransomware WannaCrypt 2.0. So what can we tell from this virus's name? It is a ransomware-type virus, their job is to offer a crypting service, what the virus does is encrypt files, and the name of the team/maker is Wanna. Or probably an abbreviation of five people, W.A.N.N.A. Or something like that.


So here is the video; somebody made a video about it:

So as you can see, he uses a virtual machine to test this virus, and that is exactly what happened. Everything gets infected, a bit like the old MichealJamban shortcut virus. The only difference is that one didn't encrypt the files; it just hid the folder and created a shortcut.

But WannaCrypt tightly ziplocks the files and even creates a new file extension, .WNCRY. Nice wordplay on "Wanna Cry?", team Wanna, hahaha.
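For anyone who has to check how much of a disk was hit, here is an added example (not part of the original post) that walks a folder tree, lists files carrying the .WNCRY extension, and notes where an untouched original still sits next to the encrypted copy. It assumes the extension is appended to the original file name; the function names and the sample tree are made up for the demo.

```python
import os
import tempfile
from collections import Counter

MARKER = ".wncry"  # extension named in the post, compared case-insensitively


def scan_tree(root):
    """Walk root and return a damage report for files renamed to *.WNCRY."""
    report = {"encrypted": [], "original_survives": [], "by_type": Counter()}
    for folder, _dirs, files in os.walk(root):
        present = {name.lower() for name in files}
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            # Assumption: the marker is appended to the original file name,
            # e.g. report.docx -> report.docx.WNCRY
            original = name[: -len(MARKER)]
            report["encrypted"].append(os.path.join(folder, name))
            ext = os.path.splitext(original)[1].lower() or "(none)"
            report["by_type"][ext] += 1
            # An untouched copy next to the encrypted one needs no decryptor.
            if original.lower() in present:
                report["original_survives"].append(os.path.join(folder, original))
    return report


def build_sample(root):
    """Constructed sample tree: empty files only, no real malware artefacts."""
    for rel in ["docs/report.docx.WNCRY", "docs/notes.txt",
                "pics/selfie.jpg.wncry", "pics/selfie.jpg",
                "pics/holiday.png.WNCRY"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()


def demo():
    """Scan the constructed tree and return (encrypted, intact, per-type counts)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        r = scan_tree(root)
        return len(r["encrypted"]), len(r["original_survives"]), dict(r["by_type"])


if __name__ == "__main__":
    total, intact, by_type = demo()
    print(f"{total} encrypted, {intact} with an intact original, types: {by_type}")
```

Point `scan_tree` at a mounted copy of the affected disk rather than the live machine, so the scan itself changes nothing.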

Okay anyway, after that it tells people to send bitcoin through a series of Tor networks to a bitwallet/blockchain, and only then will it decrypt the file that unlocks the Decrypt0r.

So, do you get how the system functions?

Basically the package comes together with the virus, a wallpaper, protected files that contain the key to the decryptor, and a 'free-trial' decryptor. By sending BTC to them, they will give you the keys to decrypt those protected files, and then you can use the decryptor to decrypt the files on the PC.

I just assume they generate a new key every time someone wants the full version of the decryptor, so that if, say, one company gets attacked and 40 PCs in a row catch the same virus, they can't pay for one PC to decrypt all the PCs. They have to pay for each one separately.

So what's the story with Ransomware WannaCrypt 2.0 (RWC2)?

So the National Health Service in the UK got attacked, and most companies overseas got attacked on a massive scale, and it spreads very fast. Most people assume they have a large network of hackers joining in, and according to reports, more than 200k PCs have already been hit. Maybe those of you with cheap PCs won't care much about losing thousands of selfies, but for giant companies, all that data, man! Data data data!

So, supposedly there is a video that teaches how to fix this virus:

 

But I had a feeling that he just remade this virus, because it wouldn't be much of a hassle if this were all it took, since this is a possible method that I would have tried first if it had happened to me. But anyway, some entertainment for you guys.

So my advice for you guys:

Don't open anything suspicious in your email.

Don't download anything from the deep web.

If you are downloading a file that looks overly suspicious, cancel the download. How do you know it's suspicious? If the file is supposedly a small picture your friend sent, but it takes up 17 MB.

Extra info about RWC2


Stay safe!
