Difference between Ransomware and Malware!

When malware tells the system that a user has been attacked, Ransomware behaves after some operations on the computer, such as encrypted disks and files. This notification usually requires a payment method to return the computer to its previous state.

Theoretically, attackers who manage ransom remotely adjust computers. Of course, as in the case of traditional ransom, it may not be the case.

After money, there are regular ransom attacks that frequently go back to perpetrators. This is slightly more difficult, but most transcript attackers use payment in encrypted currencies such as Bitcoin (see "electronic chain code, encryption, audit trail and database" on "electronicdesign.com") Because it is necessary). Transmission is usually done by creating an anonymous communication system for the user.

WannaCrypt attacks encrypted files on Windows computers and requests $ 300 ransom at Bitcoin. If this is not completed within 3 days of the first attack, that amount will increase to 600 dollars. When the infected machine's file lasts for one week, it is deleted.

WannaCrypt overwrites the incorrect Windows computer with the SMB (Server Message Block) protocol. Microsoft has released the MS-17-010 security patch on March 14 in order to solve this problem, but this update needs to be installed to protect the system. Since most SMB networks are behind a firewall / gateway, WannaCrypt often needs to reach in other ways. Of course, it is easy to connect directly to a wrongly set computer on the Internet.

WannaCrypt, which is worldwide, has a major impact on thousands of computers (mainly in Europe), but is merely an example of ransomware. Also, please be aware that a small amount of money is required and there is a killer switch. The latter is discovered by researchers, but if not, there is a possibility that it has already been expanded.

One way to recover from this type of ransomware attack is to rely on that backup, if any. Unfortunately, there are many backups that are not isolated from the host. Backups on disks stored on the attacked computer are also attacked.

Because this type of attack is not limited to workstations and servers, Ransomware is particularly important for embedded developers. In fact, many embedded systems are already running Windows. On embedded systems there are often additional challenges, as the update process may be limited by one or more considerations. For example, medical systems often require authentication to prevent any updates from being applied. Many of these systems' attack vectors are often found after these restrictions.

Developers need to be aware that the small ransom associated with Wanna Crypt is just the beginning. Destroying hundreds of expensive equipment and millions of inexpensive equipment can lead to a large ransom of firms selling or managing such large collections. Or, while the owner of the equipment maintains in the darkness, just notifying the damaged company related to the company.

However, it is the same to prevent ransomware attacks and to prevent common security vulnerabilities. This means implementing appropriate security measures, minimizing errors, or eliminating them altogether. The remote update assumes that a patch has been introduced before an error is exploited.

Last point: 

     WannaCrypt works even if the system uses a safe start. This is because there is a problem with the security software.


Join Us On Facebook :)