WannaCry attack explained
WannaCry has been labeled the most severe malware attack of 2017 so far, and the spread of this ransomware is far from over. In this post, we’ll take a look at exactly what WannaCry is, how it works, and how you can protect your computer systems from being held hostage.
So, what is WannaCry and how does it work?
The WannaCry virus, which started spreading globally late last week, is a form of malware known as ransomware. It attacks vulnerable systems, locks people out of their computers, encrypts all their files, and demands a $300 bitcoin payment in return for a decryption key. Should the user not pay the ransom within three days, the demand doubles to $600, and if it is not paid within seven days, all files will be deleted. The malware has infected over 200,000 systems in 150 different countries, shutting down everything from hospitals and mobile operators to car manufacturers, oil companies, universities, warehouses, and banks.
Though it might seem to be an issue only for governments, businesses, and large institutions, individual systems are also at risk. WannaCry works by exploiting an old Windows OS flaw on systems that have not been patched or updated. Recent versions of the Windows OS should not be vulnerable to the ransomware as long as you’ve been keeping these systems updated. Older Windows OS versions, specifically including Windows 8, Windows XP, and Windows Server 2003, are all vulnerable.
Should you pay the ransom?
One thing is certain: technology and cyber security experts all agree – do NOT pay the ransom! When dealing with ransomware, you’re essentially dealing with criminals, so there’s no reason to expect that they’ll uphold their end of the bargain.
In the case of WannaCry, your chance of getting your files back – even if you do pay – is about as close to zero as you’ll find because of the way the malware is designed. Matthew Hickey, a cyber-security researcher at UK-based firm Hacker House, explained to the BBC: "A manual human operator must activate decryption".
Security expert Prof Alan Woodward from the University of Surrey also spoke to the BBC, explaining that “Victims are also expected to contact the criminals for a key to unlock their files. I very much doubt anyone would return your contact request, bearing in mind the attention that is now on this. If anyone pays this ransom they are more than likely going to send Bitcoin that will sit in an address forevermore. No point.”
If you’re unsure about exactly what Bitcoin is and how it works and you'd like to know a little more, read our recent article offering a beginner’s guide to Bitcoin and what it means for eCommerce.
How you can protect yourself
The most general rule to protect yourself from losing your valuable data has got to be to back it up. Constantly. The next rule of thumb is of course to keep all your software and operating systems updated.
To protect yourself from the immediate threat of the WannaCry ransomware:
- Patch your Windows OS immediately. Microsoft released a patch that prevents WannaCry infection back in March, two months before this latest version of the ransomware appeared. This will update all of the newer Windows operating systems and ensure that you’re not vulnerable.
- Microsoft has also released patches for both Windows 8 and Windows XP – operating systems which the company no longer supports. If no important updates come up when you run Windows Update on these operating systems, visit Microsoft’s customer guidance for WannaCry attacks and click on the link for your specific operating system, where you’ll find instructions for manually installing the patch.
- If you’re not running any anti-virus software, now is as good a time as any to start. While this may not be bulletproof, any good anti-virus software will now stop the WannaCry malware if it’s up to date.
- Don’t open dodgy email links. This is old news already but people still get caught out all the time. If you really want to keep your system safe, fight the urge to follow links and open emails and attachments from unknown sources.
- Again, we can’t stress enough how important it is to create backups of your data. All the time. Cloud storage may be an option you want to consider here. If you have cloud backups, your chances of restoring your encrypted data are pretty good, since you’ll be able to access earlier versions of your files if your storage provider keeps rollback versions.
While the malware seems to have slowed down, it’s important to remain vigilant as new iterations are regularly released following the first major attack. If you want to read more about the proliferation of ransomware and how you can protect yourself, read our recent article on the subject. One thing's for sure, you can never be too careful!