WannaCry the ransomware makes everybody cry

It is terrible that a deadly ransomware has stunned the entire cyber world. The virus, named ‘WannaCry’, attacked lakhs of networks. It is the first time a ransomware attack has become such a big threat to cyber systems as a whole.

Viruses come in varying forms: some slow the system down, while others damage the entire system. Ransomware is a kind of virus that can take over a computer system, stop it from working, and demand money to put everything back as it was. It encrypts files and gives them another, unknown extension, so they are not easily accessible. We therefore cannot read them, and instead see messages from the hackers asking for huge amounts to get them back. No method has been found to decrypt files encrypted by ransomware, so the only way is to pay and get the system's files back from the hackers.

Crucially, the payment is demanded in ‘Bitcoin’, a virtual currency that can be handed over secretly, so the hackers cannot be traced. If the money is not paid within the given time, the amount is raised.

Loopholes turn up in MS Windows all the time. ‘EternalBlue’, malware that the American National Security Agency (NSA) used for eavesdropping, was taken from the NSA by hackers and is being used for this attack. Systems running old versions of Windows are affected more. Emails with attachments, software bugs and network loopholes seem to be the main channels through which this ransomware spreads.

Updating every application is the major step in preventing this. All Windows versions, even XP, now have updates available. Use the latest versions of browsers. Remove Flash players and plugins, at least for a few days. Do not use cracked versions of paid software. Install an antivirus such as Kaspersky or Quick Heal, or update it to the most recent version. On Windows 8.1, SMB 1.0/CIFS file sharing support can be disabled via Control Panel –> Windows features on/off –> SMB 1.0/CIFS File Sharing Support –> clear –> OK.

.lay6, .sqlite3, .sqlitedb, .accdb, .java, .class, .mpeg, .djvu, .tiff, .backup, .vmdk, .sldm, .sldx, .potm, .potx, .ppam, .ppsx, .ppsm, .pptm, .xltm, .xltx, .xlsb, .xlsm, .dotx, .dotm, .docm, .docb, .jpeg, .onetoc2, .vsdx, .pptx, .xlsx and .docx are the extensions that get hacked so easily. If you have files with the above-mentioned extensions, it is preferable to save them.

Those who are using Windows XP, Vista, Server 2003 or Server 2008 should install the patch for it. Creating a restore point on your computer will help you restore it to an earlier date if an attack occurs.

Disable pop-ups in browsers. In the inbound rules of Windows Firewall, block ports 139, 445 and 3389. Also block the IP addresses given for this attack using your antivirus or firewall.

Be aware of the following

Web addresses

  • iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[dot]com
  • Rphjmrpwmfv6v2e[dot]onion
  • Gx7ekbenv2riucmf[dot]onion
  • 57g7spgrzlojinas[dot]onion
  • xxlvbrloxvriy2c5[dot]onion
  • 76jdd2ir2embyv47[dot]onion
  • cwwnhwhlz52maqm7[dot]onion

Files

  • @Please_Read_Me@.txt
  • @WanaDecryptor@.exe
  • @WanaDecryptor@.exe.lnk
  • Please Read Me.txt (Older variant)
  • C:\WINDOWS\tasksche.exe
  • C:\WINDOWS\qeriuwjhrf
  • 131181494299235.bat
  • 176641494574290.bat
  • 217201494590800.bat
  • [0-9]{15}.bat #regex
  • !WannaDecryptor!.exe.lnk
  • 00000000.pky
  • 00000000.eky
  • C:\WINDOWS\system32\taskdl.exe

Prevention is the only good way to deal with WannaCry. Let’s start as soon as possible.