WannaCry ransomware: pop-up message shown on an affected system
What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
You can decrypt some of your files for free. Try now by clicking <Decrypt>.
But if you want to decrypt all your files, you need to pay.
You only have 3 days to submit the payment. After that the price will be doubled.
Also, if you don't pay in 7 days, you won't be able to recover your files forever.
We will have free events for users who are so poor that they couldn't pay in 6 months.
How Do I Pay?
Payment is accepted in Bitcoin only. For more information, click <About bitcoin>.
Please check the current price of Bitcoin and buy some bitcoins. For more information, click <How to buy bitcoins>.
And send the correct amount to the address specified in this window.
After your payment, click <Check Payment>. Best time to check: 9:00am - 11:00am GMT from Monday to Friday.
Once the payment is checked, you can start decrypting your files immediately.
After infection, the WannaCry ransomware displays this screen on the infected system.
About: Nature of Ransomware
By now all of us have heard of the global ransomware attack. It has created a lot of confusion in the minds of computer users. Over 60,000 companies in more than 100 countries have become victims of this malware. So how does this ransomware work, and what are the possible solutions?
The term 'ransomware' itself gives an idea of its nature: it is related to some kind of ransom. It is a type of malware that gets into your computer and locks all the files, then demands money from the user in exchange for access to the locked files. Recent ransomware is smarter than ever. It does not merely lock the files; it encrypts them, which makes it really impossible to crack open the locked files. As a result, users have no way to regain access to their locked files other than paying the money and getting the decryption code.
So how does it get into your computer?
The easiest way to get into someone's computer is through attachments in spam emails or by getting the user to open an unknown link. The extensions of these files are different from those of conventional files. Users usually have file extensions turned off, so they cannot tell what kind of file they are clicking on. The virus file pretends to be a doc file or some other text file. But if you turn on file extensions on your computer, you will see that the extensions are different. When you click on the file, all your data starts being encrypted, and eventually you are asked for a ransom.
In case you are interested, these are the possible real extensions of ransomware files: .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .crypto, _crypt, .crinf, .r5a, .XRNT, .XTBL, .crypt, .R16M01D05, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .crjoker, .EnCiPhErEd, .LeChiffre, .keybtc@inbox_com, .0x0, .bleep, .1999, .vault, .HA3, .toxcrypt, .magic, .SUPERCRYPT, .CTBL, .CTB2, .locky, or a 6-7 character extension consisting of random characters.
The recent ransomware that is causing mass losses is known as #WannaCry. It asks you to open a JavaScript file (.js) attached to an email. So it is now recommended not to open any unknown attachments sent through email.
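The point about hidden file extensions can be checked on a Windows machine with the PowerShell below. It is an added example, not part of the original post: it turns on extension display for the current user and lists files in the Downloads folder whose name looks like a document but ends in a runnable extension, plus bare script files such as .js. The scan path and both extension lists are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Run as the logged-on user.
# $scanPath, $decoyExt, $runnableExt and $scriptExt are illustrative choices.

# 1. Make Explorer show extensions for known file types (HideFileExt = 0).
#    New Explorer windows pick the setting up; existing ones need a refresh.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord

# 2. Look for names such as "invoice.doc.js" or "photo.jpg   .exe":
#    a document-style extension followed by a runnable one.
$scanPath    = Join-Path $env:USERPROFILE 'Downloads'
$decoyExt    = 'doc', 'docx', 'xls', 'xlsx', 'pdf', 'txt', 'jpg', 'png'
$runnableExt = 'exe', 'scr', 'pif', 'bat', 'cmd', 'js', 'jse', 'vbs', 'vbe', 'wsf', 'hta'
$scriptExt   = 'js', 'jse', 'vbs', 'vbe', 'wsf', 'hta'

# -match is case-insensitive, so ".DOC.JS" is caught as well.
$doublePattern = '\.({0})\s*\.({1})$' -f ($decoyExt -join '|'), ($runnableExt -join '|')

$findings = Get-ChildItem -Path $scanPath -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $ext = $_.Extension.TrimStart('.').ToLower()
        $reason = $null
        if ($_.Name -match $doublePattern) {
            $reason = 'document-style name with runnable extension'
        } elseif ($scriptExt -contains $ext) {
            $reason = 'script file'
        }
        if ($reason) {
            [pscustomobject]@{ File = $_.FullName; Reason = $reason }
        }
    }

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No suspicious file names found under $scanPath"
}
```

A hit is only a reason to inspect the file before opening it; legitimate scripts and installers will also appear in the list.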
How to recover a ransomware-infected computer?
Well, for now there is no way to open the encrypted files. As I mentioned earlier, you have to pay in bitcoins in order to get the decryption code.
Safety measures:
1. Keep your operating system up to date.
2. Keep your antivirus up to date.
3. Create backups of your most important files, either on a secured hard drive or in secured cloud storage.
4. Do not open any email attachments from unknown senders.
5. Be careful while opening and downloading from any unknown third-party websites.
6. Be aware of fraudulent e-mail messages that use names similar to popular services, such as PayePal instead of PayPal, or that use popular service names without commas or excessive characters.
7. Keep your files backed up regularly and periodically.
8. Be wary of visiting unsafe or unreliable sites.
Stay safe :)
Massive ransomware attack: 74 countries affected in total. Please do not open any email that has an attachment named "tasksche.exe". Please send this important message to all your computer users.
How to Prevent the Global WannaCry Ransomware Virus
A critical Microsoft vulnerability (Microsoft Security Bulletin MS17-010 – Critical) has been exploited and is being used to spread ransomware across the globe, thus affecting critical health care information on Microsoft client machines and servers. The details of the vulnerability are given below:
https://www.microsoft.com/en-us/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt
To mitigate the vulnerability, you are requested to direct your IT team/vendors to perform the workarounds mentioned below, on an immediate basis, on the client machines of your division/hospital and on the servers where your applications/websites are hosted:
3) Refer to https://technet.microsoft.com/en-us/library/security/ms17-010.aspx and patch all Microsoft Windows based cloud VMs accordingly, on an urgent basis.
4) If TCP/UDP port 445 is not in use, please ensure that it is blocked at VM level using the local firewall settings (the attached document may be referred to for more details).
5) Close ports 445/137/138/139 on Windows; there are several options for closing ports 445/137/138/139 on Windows 2003/XP/Windows 7/Windows 8/Windows 10 systems.
6) Countermeasures suggested by the Cyber Swachhta Kendra, CERT-IN, GoI to prevent WannaCry ransomware: http://www.cyberswachhtakendra.gov.in/alerts/wannacry_ransomware.html
1) Please make sure that your machine's antivirus is updated with the latest definitions before connecting to the office network.
2) Keep the operating system up to date: install the latest Windows security patches from Microsoft.
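Steps 4 and 5 (blocking ports 445/137/138/139 in the local firewall when they are not in use) can be carried out with the PowerShell below. It is an added example, not taken from the original post or the attached document it mentions. It assumes Windows 8 / Server 2012 or later, where the NetSecurity and NetTCPIP cmdlets are available, and an elevated session; the rule names are made up for this example.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell.
# Assumes Windows 8 / Server 2012 or later; rule names are illustrative.

$rules = @(
    @{ Name = 'Example - block inbound SMB/NetBIOS TCP'; Protocol = 'TCP'; Ports = '139', '445' },
    @{ Name = 'Example - block inbound SMB/NetBIOS UDP'; Protocol = 'UDP'; Ports = '137', '138', '445' }
)

# "If the ports are not in use": stop when other machines currently hold
# sessions to this host's SMB/NetBIOS ports, since blocking would cut them off.
$inUse = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 139, 445 }

if ($inUse) {
    Write-Warning 'Active sessions on TCP 139/445; this machine may be serving file shares.'
    $inUse | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort |
        Format-Table -AutoSize
    return
}

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Output "Rule already present: $($r.Name)"
        continue
    }
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Block `
        -Protocol $r.Protocol -LocalPort $r.Ports -Profile Any | Out-Null
    Write-Output "Created: $($r.Name)"
}

# Show what is now in place.
Get-NetFirewallRule -DisplayName 'Example - block inbound*' |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize
```

Blocking these ports stops the machine from serving file and printer shares, so file servers need the MS17-010 patch from step 3 rather than this rule.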
*Some information taken from WhatsApp