WannaCry attack in 5 questions


Added date : 2017-05-16 16:53

NEWS CENTER - The ILKHA ARGE Unit examined the WannaCry attack, which spread across more than 100 countries around the world, in 5 questions.

The Ilke News Agency (ILKHA) ARGE Unit has examined the method of this attack, the damage it caused and how to protect against it in 5 questions. In recent days, the WannaCry cyber-attack has affected more than 100 countries.

Using ransomware, a type of malicious software, the WannaCry cyber-attack has hit more than 100 countries around the world hard, especially those that are fully integrated with computing technology. Countries that do not rely as fully on this technology were not affected on a large scale by the cyber-attack.

While the UK was the most vulnerable to the attack, many banks and the health sector suffered a major collapse. Russian banks and European automobile factories were also affected. ICTA [Information and Communication Technologies Authority] President Ömer Fatih Sayan explained that 74 countries, including Turkiye, were affected by the attack.

It is reported that the ransomware used in the WannaCry attack has affected many official institutions, including banks, in many countries, capturing and encrypting their important data.

Although ransomware has not been used purely for attack purposes until now, it is known that money has been demanded for data encrypted with this software.

1-What is WannaCry (WCRY), and what kind of damage does it cause to systems?

In April, the National Security Agency (NSA) leaked an exploit kit called FUZZBUNCH. When this exploit is used together with the DOUBLEPULSAR payload contained in another exploit, it is possible to run the command line as administrator without an administrator login on the affected system, by using a vulnerability in the SMB service of Windows operating systems.

This method encrypts the important data found on infected computers and demands a ransom for the recovery of this information. If the demanded 300 dollars is not paid within the specified time, the ransom increases with each passing day.

If the ransom is paid, the software's complicated structure also eliminates the possibility of determining who receives the payment. The reason for this is considered to be the use of ‘Bitcoin’, which is called virtual money.

Even if payment is made, it is not known whether the encrypted information will be decrypted.

2-How does the ransomware spread, and what is its origin?

Using the information leaked by the NSA, the worm used in the WannaCry attack was able to exploit the vulnerability and infiltrate Windows operating systems through the Windows SMB protocol. Ransomware that exploits this vulnerability has also begun to be developed.

3-What are the affected operating systems?

All active Windows operating systems are affected by this weakness.

They are:

- Windows XP

- Microsoft Windows Vista SP2

- Windows 7

- Windows 8.1

- Windows RT 8.1

- Windows 10

- Windows Server 2008 SP2 / R2 SP1

- Windows Server 2016 / R2

- Windows Server 2016

4-How can the operating system be updated and hardened?

It has been announced that Microsoft will not support any operating systems older than Windows 8.1. However, after this vulnerability emerged, it was said that the Windows 8 and Windows 7 operating systems, as well as Windows XP, would be supported for the removal of this vulnerability.

To close the vulnerability, it is necessary to turn on updates and install the update named SMB. Microsoft has begun offering users the update via its official website in order to remove this vulnerability.

5-How do you overcome the virus used in the WannaCry attack?

According to reports from leading technology and security companies worldwide, the virus used in the WannaCry attack generally infects computers through malware downloaded as a result of clicking on links sent by e-mail.

Recommendations to institutions

Considering that official and private organizations are the most affected by such attacks, the following suggestions and recommendations should be taken into consideration:

- Close port 445/TCP on the Windows operating systems in use.

- User privileges in the operating systems should be kept to a minimum; shared accounts should be avoided and separate accounts created for each system.

- Investigate security weaknesses in your network and perform penetration tests on it.

- Train your employees not only on such attacks, but also organize training programs on phishing and social engineering concepts.

- Do not forget to take backups regularly, and keep the backups on a computer that has no internet connection.

- Review your anti-spam services and make sure DKIM, DMARC and SPF checks are performed.
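
The DKIM, DMARC and SPF recommendation above can be checked at the mail gateway. The following is an added example, not part of the original article: it reads the `Authentication-Results` header (RFC 8601) that a receiving gateway stamps on each message and ignores copies of that header inserted by anyone else. The gateway ID `mx.example.org`, the sample messages and the deliver/reject/quarantine policy are assumptions made for illustration.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV_ID = "mx.example.org"  # assumption: ID stamped by your own gateway
_RESULT = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def auth_results(raw_message):
    """Collect SPF/DKIM/DMARC results, trusting only our own gateway's header."""
    results = {}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, body = " ".join(str(header).split()).partition(";")
        ident = authserv_id.split()
        if not ident or ident[0].lower() != TRUSTED_AUTHSERV_ID:
            continue  # a sender can pre-insert this header; ignore foreign IDs
        body = re.sub(r"\([^()]*\)", "", body)  # drop free-text comments
        for method, result in _RESULT.findall(body):
            if results.get(method.lower()) != "pass":
                results[method.lower()] = result.lower()
    return results

def verdict(raw_message):
    """Hypothetical local policy: DMARC decides; otherwise SPF or DKIM must pass."""
    r = auth_results(raw_message)
    if r.get("dmarc") == "pass":
        return "deliver"
    if r.get("dmarc") == "fail":
        return "reject"
    if "pass" in (r.get("spf"), r.get("dkim")):
        return "deliver"
    return "quarantine"

# Constructed sample messages (not real traffic).
LEGIT = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=partner.example;\n"
    " dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example\n"
    "From: billing@partner.example\nSubject: Invoice\n\nSee attachment.\n")
SPOOFED = (
    "Authentication-Results: mx.example.org; spf=fail (not permitted)\n"
    " smtp.mailfrom=partner.example; dkim=none; dmarc=fail header.from=partner.example\n"
    "Authentication-Results: mail.forged.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: billing@partner.example\nSubject: Invoice\n\nClick the link.\n")
UNCHECKED = "From: someone@unknown.example\nSubject: Hi\n\nNo gateway header.\n"

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED), ("unchecked", UNCHECKED)):
        print(name, auth_results(raw), verdict(raw))
```

The spoofed sample carries a forged all-pass header next to the gateway's real one; only the gateway's results count, so the message is rejected.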

Individual suggestions and recommendations

- Remember to back up your important information, and keep your backups on an external hard drive that is not connected to a computer with internet access.

- To protect your computer from this vulnerability, remember to update it, and in particular check that the update named SMB has been installed.

- Do not open unknown, unidentified e-mails, do not click on links, and do not download files indiscriminately.

- Avoid using programs from crack and warez websites.

- Do not forget that viruses can hide in files such as PDF, Word and Excel documents.

- By using open-source Linux operating systems instead of Windows operating systems, you can be 80 percent more secure.

- Do not click on shortened URLs from unknown sources on social media, just as with links you do not recognize in e-mails. Do not forget that people who install malware can use social engineering techniques such as link shortening to harm users.

Worm: Small viruses, described as harmful worms on the Internet. These viruses are able to copy themselves on infected computers and to spread across the network.

Exploit: Code written to take advantage of vulnerabilities in a system.

Payload: A piece of harmful software, such as a virus or worm, that performs malicious actions. It is used for wiping data, sending spam or encryption.

DKIM: An e-mail authentication method specified by the RFC 4871 standard.

DMARC: “Domain-based Message Authentication, Reporting, and Conformance” is a method relating to e-mails that appear to come from someone you know.

SPF: A connection-based protocol between a server and a mail server. (Ömer Özbey - ILKHA)
