One of the largest cyberattacks ever is currently hitting PCs in countries and businesses around the world.
You’ve heard the phrase “the road to Hell is paved with good intentions,” right?
Well, a vulnerability first uncovered by the NSA and then released by hackers on the internet is now being used in one of the most prolific cyberattacks ever around the globe.
It’s called WCRY (WannaCry or WannaCrypt) Ransomware, and it’s brought computer systems from Russia to China to the UK and the US to their knees, locking people out of their data and demanding they pay a ransom or lose everything. So far, more than 200,000 computers in 150 countries have been affected, with victims including hospitals, banks, telecommunications companies and warehouses.
Here’s everything you could want to know about WannaCry.
What is WCRY (WannaCry or WannaCrypt) Ransomware?
It’s the name of a prolific piece of “ransomware,” malicious software that holds your computer hostage until you pay a ransom.
The way it works is that once it infects a computer, it encrypts — or basically scrambles — all the data. Then the program puts up a screen demanding you pay money to get access back. Typically the price increases over time until the end of a countdown, when the files are destroyed.
We first heard about WCRY (WannaCry or WannaCrypt) only a few weeks ago!
Why do hackers do this?
The same reason you get telemarketing calls and junk email: It’s effective.
Security company Symantec says that ransomware attacks alone jumped by more than one-third to over 483,800 incidents in 2016. And that’s just the ones they tracked.
How do I protect my machine?
If you’re running a Windows-powered PC, make sure all your software is up to date. Make sure your system passwords are complex, not “Password” or “ABC123”. In addition, as always, do not open suspicious emails, click on links you don’t know, or open any files you weren’t expecting.
What do I do if my computer is infected?
So far, there doesn’t appear to be a proven way to fix WannaCry, except for using existing backups or replications to recover.
Another diabolical twist is if the ransom isn’t paid in 72 hours, the price could double. And after a few days, the files are permanently locked.
Great, so I have to pay these monsters to get my computer back?
While there is no clear fix for WCRY (WannaCry or WannaCrypt), experts highly recommend you not pay to get your data back.
While it may be tempting to fork over the $300 ransom to make the problem go away, the FBI, Department of Justice and many tech firms suggest you don’t. One reason is that you’re basically giving money to criminals, who may demand even more money or potentially re-target you in the future since you’ve indicated you’re willing to pay them in the first place.
What is this bitcoin stuff the hackers want us to pay with?
Hackers typically demand payment via bitcoin, an untraceable digital currency often used on shadowy parts of the internet. While it’s hard to trace, the amount of money that’s been sent to the criminals is public information.
Ok, so if I don’t pay, what can I do if I’m infected?
Many experts say wiping your machine and restoring from backups or replications is a better way to go. If you don’t have regular backups of your data, I’m sorry to say you’re in a world of trouble!
Does WCRY (WannaCry or WannaCrypt) affect my Mac, iPhone or Android?
No. It appears to only affect computers powered by Microsoft Windows. Microsoft released a software update in March that protects against this vulnerability, but we’ve since learned that many people didn’t update their computers.
Microsoft took the unusual step last week of releasing another update for older PCs running Windows XP (first released in 2001), Vista (2006), Windows 7 (2009) and Windows 8 (2012), protecting them as well.
Microsoft, by the way, isn’t happy about this attack, and has slammed spy agencies for stockpiling vulnerabilities instead of reporting them to computer companies to be fixed.
Who’s most vulnerable?
Windows-powered PCs that aren’t running updated software that protects from this vulnerability are the most at risk. WCRY (WannaCry or WannaCrypt) appears to travel across corporate networks, spreading quickly through file-sharing systems.
The nasty part of that is corporate computers are typically controlled by IT departments that choose when to send updates to computers. So if one computer is vulnerable, it’s likely all the computers on a corporate network are too, making it easy for WCRY (WannaCry or WannaCrypt) to have a large impact.
How does WCRY (WannaCry or WannaCrypt) spread?
It appears networks of computers, like those at schools, companies, hospitals and businesses, are particularly vulnerable. That’s because security researchers say the ransomware is spread through standard file sharing technology used by PCs called Microsoft Windows Server Message Block, or “SMB” for short.
It also appears able to spread to other computers outside corporate networks. Researchers have already found variants of the attack, so there isn’t just one way it works.
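The spreading behaviour described above, where one infected PC reaches many others over SMB file sharing, leaves a recognisable pattern in connection logs. As an added example (not from the original article), this Python script flags any internal host that contacts many distinct machines on TCP port 445, the port SMB uses, within a short window; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

SMB_PORT = 445  # TCP port used by SMB file sharing

# Constructed sample log, one connection per line: "timestamp source destination port".
SAMPLE_LOG = "\n".join(
    # 10.0.0.15 contacts six different PCs over SMB within six seconds
    [f"2024-01-08T09:00:0{i} 10.0.0.15 10.0.0.10{i} 445" for i in range(1, 7)]
    # 10.0.0.20 keeps using a single file server: normal behaviour
    + [f"2024-01-08T09:00:1{i} 10.0.0.20 10.0.0.2 445" for i in range(5)]
    # 10.0.0.30 reaches five PCs, but spread over 40 minutes
    + [f"2024-01-08T09:{i}0:00 10.0.0.30 10.0.0.5{i} 445" for i in range(5)]
    # non-SMB traffic and a malformed line, both ignored
    + ["2024-01-08T09:00:03 10.0.0.15 203.0.113.9 443", "garbage line"]
)

def smb_fanout_alerts(log_text, window_s=60, threshold=5):
    """Return {source: peak count of distinct SMB destinations inside any
    window_s-second window} for sources that reach the threshold.
    window_s and threshold are assumed values; tune them per network."""
    by_source = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = line.split()
            when, port = datetime.fromisoformat(ts), int(port)
        except ValueError:
            continue  # skip blank or malformed lines
        if port == SMB_PORT:
            by_source[src].append((when, dst))

    alerts = {}
    for src, conns in by_source.items():
        conns.sort()
        start = peak = 0
        for end, (when, _) in enumerate(conns):
            # slide the window start forward until it spans <= window_s
            while (when - conns[start][0]).total_seconds() > window_s:
                start += 1
            peak = max(peak, len({dst for _, dst in conns[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    for host, peers in smb_fanout_alerts(SAMPLE_LOG).items():
        print(f"{host}: {peers} distinct SMB peers within 60 seconds")
```

A host that talks to one file server all day stays quiet here; only a sudden fan-out to many different machines raises an alert.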
What do I do if I’m not hit but worried I might be?
- Make sure your backups/replications are complete & working.
- Make sure your system passwords are complex, not “Password” or “ABC123”.
- Make sure your Windows updates are 100% up to date.
- As always, do not open suspicious emails, click on links you don’t know, or open any files you weren’t expecting!
- Talk to your CBM Corporate IT team.