Today I would like to share a very useful topic, especially if you own a device connected to the Internet. In this article I will explain one of the most dangerous types of virus that can infect anyone on the Internet, and the most widespread in recent years: what is known as the "ransomware virus".
Specifically, we will talk about one that we have all heard about, especially in recent years: the WannaCry ransomware. This virus has many versions; the most prominent is Wannacrypt0r, which goes by many names, the most important being 2.0. It is considered one of the most virulent software viruses, and it became famous and spread on social networking sites as the "software virus". This malicious virus was able to reach more than 70 thousand computers in more than 99 countries, all within a matter of hours and minutes.
Definition of this virus, duration of access and spread, and how it works:
This virus is known as one of the most insidious and ugliest pieces of malicious software ever produced. It has a viral nature like all other viruses, and it is a Trojan that most often targets computers running Windows, because it is difficult for it to access and attack the Linux operating system.
Among its most important characteristics:
The ability to fully control the personal files downloaded to and stored on the device you are using.
Using your device to launch a "DDoS" attack, by turning your personal computer into part of a "botnet".
It can also completely deny service to the user in order to control the device freely, all by controlling the Internet's communication protocols.
This malicious virus relies on encryption: it encrypts all the data stored on the device and prevents the victim from accessing it. From here comes the virus's primary purpose, which is to demand a ransom from the victim through a written message that appears on the device's screen.
How this virus spreads:
The ransomware began spreading on Friday, 12/05/2017, and was able to infect more than 70 thousand devices in 70 countries and in 20 different languages. The first news came from Spain, with an infection of the network of the multinational telecommunications company "Telefonica", which covers all of Asia, Europe and parts of the United States of America, as well as the infection of well-known organizations such as Deutsche Bahn, FedEx, and the NHS (National Health Service).
After that, Russia confirmed the infection of a number of organizations belonging to governmental institutions: the Russian Interior Ministry and MegaFon. The situation then reached many Arab countries.
How it spreads:
This virus used the "EternalBlue" exploit, which was released by the hacker group "The Shadow Brokers" on 04/14/2017 after being leaked from the "Equation Group". The nature of the Equation Group has not been specified: is it a group of hackers affiliated with the US National Security Agency, or does the name refer to a set of hacking tools?
"EternalBlue" targets a vulnerability in the way the Windows operating system handles the SMB (Server Message Block) protocol. This protocol is responsible for sharing files and folders over the network.
The beginning and end of this virus:
Your browser (Mozilla, Chrome, Opera, etc.) and all other browsers are the open doors through which this virus enters your computer. It reaches you in the following ways: an enticing but false message sent to your e-mail, telling you that you have won a large amount of money and will receive a check or a bank transfer, as well as sexually suggestive ads delivered through PopAds pop-up ads.
The victim then follows the link in the enticing message or sexual advertisement and, God forbid, a file is downloaded on the pretext that it contains the conditions under which you will receive the money (the same applies to the sexual lure). The victim then opens the file, and once it has been downloaded and opened, the device's files and data are completely encrypted.
The SMB vulnerability is then used to move to other devices connected to the same network.
Finally, a message appears asking you for the ransom.
This message informs you that all the files on your personal computer have been encrypted, and that you will not be able to decrypt them or resolve this disaster except by paying the ransom: a transfer of $300 in Bitcoin within a three-day deadline. If you exceed this period, the ransom is doubled, and if seven days pass without payment, you will never be able to recover your files.
Tips to do once you are infected with the virus:
1- You should be running Windows 10, because it contains all the anti-virus updates. If you are a user of Windows 7 or Server 2008, you must install the MS17-010 update from Microsoft.
2- If you have a version other than those above, I advise you to go to this link and choose the appropriate update for your operating system.
3- Avoid opening any message that arrives in your e-mail, as it is often anonymous.
4- It is also useful to avoid clicking on ads and porn sites inside pop-up windows.
5- Activate the firewall and close access to the ports of the SMB protocol in its various versions.
6- For the TCP protocol, block the following ports: 137 - 139 - 455.
7- For the UDP protocol, block the following ports: 137 - 138.
8- Copy all the files and folders you need, and all your data, to a flash memory.
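
One way to apply the firewall and port-blocking tips above on a Windows workstation, as an added PowerShell example that is not part of the original article. The rule names are made up for this example, and TCP 445 (the port SMB listens on directly) is blocked in addition to the ports the list gives.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on Windows 8 / Server 2012 or later (older systems lack these cmdlets).
# Rule names below are constructed for this example.
# Caveat: blocking inbound SMB on a machine that shares files or printers stops
# that sharing, so apply this to workstations rather than file servers.

$rules = @(
    # 137, 139, 455 are the TCP ports listed in the article; 445 is SMB over TCP.
    @{ Name = 'Block inbound NetBIOS/SMB (TCP)'; Protocol = 'TCP'; Ports = 137, 139, 455, 445 },
    @{ Name = 'Block inbound NetBIOS (UDP)';     Protocol = 'UDP'; Ports = 137, 138 }
)

foreach ($r in $rules) {
    # Skip creation when a rule with this name already exists, so re-runs are safe.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Block `
            -Protocol $r.Protocol -LocalPort $r.Ports -Profile Any | Out-Null
    }
}

# Make sure the firewall itself is switched on for every profile.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True

# MS17-010 fixes flaws in the SMBv1 server; turn SMBv1 off if it is still enabled.
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# Report the resulting state so it can be checked by eye.
foreach ($r in $rules) {
    Get-NetFirewallRule -DisplayName $r.Name |
        Select-Object DisplayName, Enabled, Direction, Action
}
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# List the most recently installed updates; compare them against the MS17-010
# update for your Windows version (the article does not give the KB number).
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn
```

Block rules in Windows Firewall take precedence over allow rules, so these two rules also override the built-in "File and Printer Sharing" allow rules.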