WannaCry attack in 5 questions



Added date : 2017-05-16 16:53

NEWS CENTER - The ILKHA ARGE Unit examined the WannaCry attack, which spread across more than 100 countries around the world, in 5 questions.


The Ilke News Agency (ILKHA) ARGE Unit has examined the method, the damage and the protective measures of this attack in 5 questions. In recent days, the WannaCry cyber-attack has affected more than 100 countries.

Using ransomware, a type of harmful software, the WannaCry cyber-attack has deeply affected more than 100 countries around the world, especially those that are fully integrated with computing technology. Countries that are not fully dependent on this technology were not affected by the cyber-attack on a large scale.

While the UK was the most vulnerable to the attack, many banks and the health sector suffered a major collapse. Russian banks and European automobile factories were also affected. ICTA [Information and Communication Technologies Authority] President Ömer Fatih Sayan explained that 74 countries, including Turkiye, were affected by the attack.

It is reported that the ransomware used in the WannaCry attack has affected many official institutions, including banks, in many countries, capturing and encrypting their important data.

Although ransomware had not been used purely for attack purposes until now, it is known that money has been demanded for data encrypted through this software.

1-What is WannaCry (WCRY), and what kind of damage does it do to systems?

In April, the National Security Agency (NSA) leaked an exploit kit called FUZZBUNCH. When this exploit is used together with the DOUBLEPULSAR payload contained in another exploit, it is possible to run commands as administrator on the target system without logging in as administrator, by exploiting a vulnerability in the SMB service of Windows operating systems.

This method encrypts the important data found on infected computers and demands a ransom for the recovery of this information. If the demanded 300 dollars is not paid within the specified time, the ransom increases with each passing day.

If the ransom is paid, the complicated structure of the software also makes it impossible to determine who receives the money. The reason for this is considered to be the use of Bitcoin, a so-called virtual currency.

Even if payment is made, it is not known whether the encrypted information will be decrypted again.

2-How does the ransomware spread, and what is its origin?

Using the information leaked by the NSA, the worm used in the WannaCry attack was able to exploit the vulnerability and infiltrate Windows operating systems through the Windows SMB protocol. Ransomware that exploits this vulnerability has also begun to be developed.

3-What are the affected operating systems?

All active Windows operating systems are affected by this weakness.

These are:

- Windows XP

- Microsoft Windows Vista SP2

- Windows 7

- Windows 8.1

- Windows RT 8.1

- Windows 10

- Windows Server 2008 SP2 / R2 SP1

- Windows Server 2016 / R2

- Windows Server 2016

4-How can the operating system be updated and strengthened?

It had been announced that Microsoft would no longer support operating systems older than Windows 8.1. However, after this vulnerability emerged, it was said that Windows 8 and Windows 7, and Windows XP as well, would receive support for removing this vulnerability.

To close the vulnerability, it is necessary to turn on updates and install the update named SMB. Microsoft has begun offering the update to users through its official website in order to remove this vulnerability.

5-How do you overcome the virus used in the WannaCry attack?

According to reports from leading technology and security companies worldwide, the virus used in the WannaCry attack generally infects a computer through malware downloaded as a result of clicking on links sent by e-mail.

Recommendations to institutions

Since official and private organizations are the ones most affected by such attacks, the following suggestions and recommendations should be taken into consideration:

- Close port 445/TCP on the Windows operating systems in use.

- User privileges on the operating systems should be kept to a minimum; shared accounts should be avoided and separate accounts should be created for each system.

- You should investigate security weaknesses in your network and perform penetration tests on it.

- Train your employees not only against such attacks, but also through training programs on phishing and social engineering concepts.

- Do not forget to take backups regularly and keep them on a computer that has no internet connection.

- Anti-spam services should be reviewed, and DKIM, DMARC and SPF checks should be performed.
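
The DKIM, DMARC and SPF checks recommended above, as an added example that is not part of the original article: this Python sketch reads the Authentication-Results header written by a receiving mail gateway and decides whether a message should be delivered, quarantined or reviewed. The gateway name mx.example.org, the two sample messages and the three-way policy are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample messages (not real mail); header layout per RFC 8601.
# "mx.example.org" is an assumed name for the organisation's own mail gateway.
SAMPLE_OK = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=billing@partner.example;
 dkim=pass header.d=partner.example;
 dmarc=pass header.from=partner.example
From: Billing <billing@partner.example>
Subject: Invoice

See attachment.
"""
SAMPLE_SPOOFED = """\
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=billing@partner.example;
 dkim=none; dmarc=fail header.from=partner.example
Authentication-Results: mx.sender.example; spf=pass; dkim=pass; dmarc=pass
From: Billing <billing@partner.example>
Subject: Urgent invoice

Click the link.
"""
TRUSTED_AUTHSERV = "mx.example.org"
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def auth_results(raw, trusted=TRUSTED_AUTHSERV):
    """Collect SPF/DKIM/DMARC results, reading only our own gateway's header."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # written by another host; the sender controls its content
        for method, result in RESULT_RE.findall(rest):
            results[method.lower()] = result.lower()
    return results

def verdict(raw):
    """Assumed policy: DMARC pass delivers; DMARC fail or no SPF/DKIM pass quarantines."""
    r = auth_results(raw)
    if r["dmarc"] == "pass":
        return "deliver"
    if r["dmarc"] == "fail" or (r["spf"] != "pass" and r["dkim"] != "pass"):
        return "quarantine"
    return "review"
```

The gateway itself must strip any inbound Authentication-Results header that already carries its own name, otherwise the trust check on the header's first field can be bypassed.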

Individual suggestions and recommendations

- Remember to back up your important information, and keep your backups on an external hard drive that is not attached to a computer with an internet connection.

- To protect your computer from this vulnerability, remember to update it, and in particular check that the update named SMB has been installed.

- Do not open unknown or unidentified e-mails, do not click on links, and do not download files indiscriminately.

- Avoid using programs from websites such as crack and warez sites.

- Do not forget that viruses can hide in files such as PDF, Word and Excel documents.

- By using open-source Linux operating systems instead of Windows operating systems, you can be 80 percent more secure than with Windows operating systems.

- Do not click on shortened URLs you do not recognize on social media, just as with links you do not recognize in e-mail. Do not forget that people who install malware can use social engineering techniques such as link shortening to harm users.

Worm: Small viruses, described as harmful worms on the Internet. These viruses can copy themselves on infected computers and can also spread across the network.

Exploit: Code fragments written to take advantage of vulnerabilities in a system.

Payload: A piece of harmful software, such as a virus or worm, that performs malicious actions. It is used for data wiping, spam sending or encryption.

DKIM: An e-mail authentication method specified by the RFC 4871 standard.

DMARC: “Domain-based Message Authentication, Reporting, and Conformance” is a method for dealing with e-mails made to look as if they come from someone you know.

SPF: A connection protocol based on the server and the mail server. (Ömer Özbey - ILKHA)
