Protect Yourself and Report the Latest Frauds, Scams, Spams, Fakes, Identify Theft Hacks and Hoaxes
May 12, 2017 saw a rapid spreading ransomware virus, spread by email. If you received the email and clicked on the links, you saw a screen demanding payment of $300 worth of the online currency Bitcoin, and a message saying:
with additional text demanding a payment of $300 in Bitcoin. The ransomware, as this typpe of malware attack is called, appears to come from as yet unknown hackers who took advantage of a software exploit which was originally developed by the National Security Agency. The ransomware has spread to at least 150 countries, including the UK, Japan, Spain, France, Cina, Russia and the U.S.. Estimates are that over 200,000 computers have been infected.
The ransomeware seems to take advantage of a weakness in versions of Microsoft Windows operating systems which are not up to date on security patches. As of May 2017, there have been no reports ofd it affecting Apple computers, ipads or iphone nor Android cell phones.
Make sure your computer's operating system has all current updates and security patches. In Windows,
The best method is to use a professional service or professional software, like MalwareBytes or Symantec Norton Security.
It is critical that you install all available OS updates to prevent getting exploited by the MS17-010 vulnerability. Any systems running a Windows version that did not receive a patch for this vulnerability should be removed from all networks. If your systems have been affected, DOUBLEPULSAR will have also been installed, so this will need to also be removed. A script is available that can remotely detect and remove the DOUBLEPULSAR backdoor. Consumer and business customers of Malwarebytes are protected from this ransomware by the premium version of Malwarebytes and Malwarebytes Endpoint Security, respectively.
Symantec says (May 2017):
Decryption is not available at this time but Symantec is investigating. Symantec does not recommend paying the ransom. Encrypted files should be restored from back-ups where possible.
So, let's be clear; your encrypted files are gone, but you can remove the virus and make your computer safe for use again. Here is how:
For those who feel up to the challenge of going it alone, here are the general directions with links to more details. Encrypted files will have .WCRY appended to the end of the file names. The Trojan then deletes the shadow copies of the encrypted files. The Trojan drops the following files in every folder where files are encrypted: !WannaDecryptor!.exe.lnk and !Please Read Me!.txt.
The Gauradian, SlashDot, CNBC and NY Times are reporting thst North Korea is behind the WannaCry ransomware. Kaspersky and Symantec both said on Monday that the North Korean cybergang known as Lazarus Group used very similar code. in 2015 and in the 2014 attack on Sony Pictures and an $81m heist on a Bangladeshi bank in 2016.