This news is having so much scope and is spreading so much panic in the network, that we are forced to inform all our followers of what the so-called ransomware is Wanna decryptor which it began by infecting Telefónica's Windows computers but is spreading worldwide at breakneck speed.
From what we have been able to know, companies such as Iberdrola, Gas Natural, BBVA, La Caixa and Caja Sabadell, among others, have also been affected and those responsible for security of these companies put their hands at the head and urge their employees through last minute and urgent communications to turn off the equipment and physically disconnect the network cable from them in case of having them connected to intranet networks .
As you can see what we are going to tell you in this article, you will surely see it in today's news and that is there is a cyberattacks worldwide with a ransomware called Wanna Decryptor that exploits a vulnerability in the Windows system in several of its versions to be able to infect the computers and later cause the loss of control of it, having the affected person to pay an amount of dollars in bitcoins if he wants the key to unlock the data.
What is Wanna Decryptor ransomware and how does it work
Before proceeding, the first thing to do is discuss what Wanna Decryptor ransomware is and how it works. Ransomware It is a computer malware that, like others, is installed on computers in a hidden way from the user and when the attacker puts it into operation what he does is start to encrypt all the information very quickly contained in said equipment so that in order to access said data, a password must be entered, which in this case is not found locally on the affected computers but on the attacker's computer.
We have to be very careful because in this case this ransomware called Wanna Decryptor is infecting computers through spam emails containing false receipts or invoices, security warnings, undelivered email notices or job offers. A ZIP file is sent to the user which, when unzipped, starts the infection process. It should be noted that this type of malware not only infects Windows PCs It can also affect mobile devices, leaving them totally inaccessible.
From what has been seen in the screenshots and photographs that have already been published on the network, the attackers ask an amount of $ 300 in bitcoins that if they are not subscribed in a certain time, there would be no going back.
Now, the problem does not end here and it is that in large companies like Telefónica what has happened is that since a computer is infected, malware runs through the intranet and infects all other computers and that is why the company has urged all its workers to shut down their computers until further notice and even disconnect mobile phones from the WiFi network.
Security experts speak of a catastrophe
If you have a Windows computer you should be careful and install the latest security update that Microsoft has published to cover the security flaw, although if you have been infected you no longer have anything to do unless you pay what they ask for, which the experts do not assure that once you pay you can get the key.
If you do not have the latest versions of Windows installed and you have one of the versions that Microsoft no longer maintains, you have it much more difficult and that is precisely what is happening in large companies since there are many who still use Windows XP on their computers .
The affected operating systems are Windows 7, 8.1, Windows 10, Windows Vista SP2, Windows Server 2008/2012/2016) since the malware makes use of the vulnerability included in a Microsoft security bulletin last March 14. Here you have a supporting document in order to solve the problem.
The most feasible solution is to be in the situation of have a data backup to be able to restore the encrypted data, but as you may have already imagined, on many occasions this does not occur in all the data present in a company.
For now, this problem does not affect computers in the bitten apple, which does not mean that we lower our guard when opening and executing ZIP files without knowing their origin.
Well, I received a notification from Mega that someone has entered my account (12/05/2017 10:25 AM) and changed the password, looking at the activity history, it came from France using Internet Explorer (which I have never used).
I exclusively use Mac, updated on time and I have not opened any attachments and when I started the computer today, it has taken unusually much longer than usual, I have passed Onyx exhaustively and apparently it has been normalized, but I have doubts about how all this could happen ...