What is ransomware?
Ransomware is a kind of cyber attack that involves hackers taking control of a computer system and blocking access to it until a ransom is paid.
The “WannaCry” ransomware appears to have used a flaw in Microsoft’s software, discovered by the National Security Agency and leaked by hackers, to spread rapidly across networks locking away files.
The attack started on Friday, 12 May 2017,and within a day was reported to have infected more than 230,000 computers in over 150 countries.Parts of Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide.
WannaCry spreads across local networks and the Internet to systems that have not been updated with recent security updates, to directly infect any exposed systems. A “critical” patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack,but many organizations had not yet applied it.Those still running exposed older, unsupported operating systems such as Windows XP and Windows Server 2003, were initially at particular risk but the day after the outbreak Microsoft took the unusual step of releasing updates for these operating systems too. Almost all victims are running newer Windows 7.
Shortly after the attack began, a web security researcher who blogs as “MalwareTech” discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection, but new versions have since been detected that lack the kill switch.
The worm is primarily impacting business, where it can spread quickly through a network to take down an entire company. Business take longer to install critical updates and patches, often to avoid impacting any legacy software they are running.
But individuals with PCs running Windows should still take a few precautions. First, install any software updates immediately and make it a regular habit. Turn on auto-updaters where available (Microsoft offers that option). Microsoft also recommends running its free anti-virus software for Windows.
If you don’t already have a backup routine, start now and regularly save copies of all your files. That way if your machine gets infected and your photos and documents are encrypted, you don’t need to worry about losing them.
Finally, always stay alert. Don’t click on links that you don’t recognize, or download files from people you don’t know personally.
It’s not just your computer that you need to be worried about. This attack has impacted many large services and organizations, including hospitals in England, a telecom and natural gas company in Spain, and FedEx. Basic services that impact your life could be impacted even if your own machine is clean.