What is ‘WanaCrypt0r 2.0’ ransomware | How to Recover and Fix Wana Decrypt0r 2.0
We have observed a massive peak in WanaCrypt0r 2.0 (aka WCry) ransomware attacks today, with more than 80,000 detections so far. According to our data, the ransomware is mainly targeting Russia, Ukraine and Taiwan, but it has also successfully infected major institutions, such as hospitals across England and the Spanish telecommunications company Telefonica.
Below is a map showing the countries being targeted most by WanaCrypt0r 2.0:
How to prevent getting infected by Wana Decrypt0r?
We saw the first version of WanaCrypt0r in February and now the ransomware is available in 28 different languages, from Bulgarian to Vietnamese. Today at 8 am CET, we noticed an increase in activity of this strain, which quickly escalated into a massive spread beginning at 10 am.
The ransomware changes the extension of affected files to “.WNCRY”, so an infected file will look something like original_name_of_file.jpg.WNCRY. The encrypted files are also marked by the “WANACRY!” string at the beginning of the file.
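A triage check built on the two indicators just described (the “.WNCRY” extension and the “WANACRY!” string at the start of the file), as an added example that is not part of the original post. The function names, verdict labels and sample files are assumptions constructed for illustration.

```python
import os

MARKER = b"WANACRY!"   # string the post says begins every encrypted file
EXTENSION = ".wncry"   # extension the post says is appended (compared case-insensitively)

def classify(path):
    """Return 'encrypted', 'marker-only', 'extension-only', 'unreadable' or None."""
    has_ext = path.lower().endswith(EXTENSION)
    try:
        with open(path, "rb") as fh:
            has_marker = fh.read(len(MARKER)) == MARKER
    except OSError:
        return "unreadable" if has_ext else None
    if has_ext and has_marker:
        return "encrypted"
    if has_marker:
        return "marker-only"   # content matches but the file was renamed afterwards
    return "extension-only" if has_ext else None  # name matches, content does not

def original_name(path):
    """Strip the appended extension to get the file name to look for in backups."""
    name = os.path.basename(path)
    return name[:-len(EXTENSION)] if name.lower().endswith(EXTENSION) else name

def scan(root):
    """Walk root and return {path: verdict} for every file showing either indicator."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip links and special files; only regular files are read
            verdict = classify(full)
            if verdict:
                hits[full] = verdict
    return hits

def build_sample_tree(root):
    """Constructed sample data: one file per verdict plus one clean file."""
    samples = {
        "report.jpg.WNCRY": MARKER + b"\x00" * 16,
        "renamed.bin": MARKER + b"\x01" * 16,
        "decoy.txt.wncry": b"plain text",
        "clean.txt": b"hello",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
```

Calling scan() on a share or home directory gives a per-file inventory of what needs restoring; only the first eight bytes of each file are read, so the check is cheap on large trees.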
This ransomware drops the following ransom notes in a text file:
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
Furthermore, the ransom being demanded is $300 worth of bitcoins. Instructions on how to pay the ransom, an explanation of what happened, and a countdown timer are displayed in what the cybercriminals behind the ransomware refer to as “Wana Decrypt0r 2.0”:
This attack once again proves that ransomware is a powerful weapon that can be used against consumers and businesses alike. Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger.
Infection vector: WanaCrypt0r 2.0
WanaCrypt0r 2.0 is most likely spreading to so many computers by using an exploit that the Equation Group, a group widely suspected of being tied to the NSA, used for its dirty business. A hacker group called ShadowBrokers has stolen Equation Group’s hacking tools and has publicly released them. As confirmed by security researcher Kafeine, the exploit, known as ETERNALBLUE or MS17-010, was probably used by the cybercriminals behind WanaCrypt0r and targets a Windows SMB (Server Message Block, a network file sharing protocol) vulnerability.
Avast detects all known versions of WanaCrypt0r 2.0, but we strongly recommend all Windows users fully update their system with the latest available patches. We will continue to monitor this outbreak and update this blog post when we have further updates.
The WanaCrypt0r 2.0 ransomware virus is a new version of the WannaCry ransomware family that has just been identified in an ongoing hacker-coordinated attack. Like its predecessor, it seeks to encrypt sensitive user data and cause other types of damage to the affected hosts.
How Much Does WanaCrypt0r 2.0 Ransomware Cost?
WanaCrypt0r 2.0 Ransomware asks for $300 USD in order to unlock your computer. The money has to be paid in Bitcoin, so it expects some equivalent of $300 in Bitcoin.
What Will WanaCrypt0r 2.0 Ransomware Cost To The World?
A large ransomware attack like WanaCrypt0r 2.0 is likely to end up costing hundreds of millions of dollars. In 2016, according to Forbes, there were 638 million ransomware attacks. In total, they estimate the cost to one business at $2.4 million.
The WanaCrypt0r 2.0 Ransomware cost is much higher because of the large organizations that it targeted. We estimate that the NHS, for example, has over 1 million infected computers. If the ransom is paid, it would cost the NHS $300 million USD alone to decrypt its files.
More likely, the NHS has offsite backups, and will need to hire a consultant to repair and restore all of its computers. That would likely cost $25-50 million.
Altogether, among all companies and organizations, the WanaCrypt0r 2.0 Ransomware cost is likely to be more than $250 million.