If you did not know ransomware before, you must have at least heard of it by now. On 12 May 2017, a ransomware attack called WannaCry went on a rampage around the world. Experts are calling this incident the biggest cyber attack in history, as WannaCry had infected more than 230,000 computers in over 150 countries in just a single weekend. Victims include Britain’s National Health Service, Nissan Motors, Spain’s Telefónica, FedEx and many more, leading to PCs and data being encrypted and held for ransom.
What is WannaCry, why is it infecting computers worldwide, and how can you defend against it? Find out the 7 quick facts you must know now.
1. The ransomware exploited a Windows vulnerability using NSA tools
WannaCry, also known as WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2, is ransomware that exploits a known vulnerability in the Microsoft Windows operating system. It is reported to be using tools developed by the United States National Security Agency (NSA) that were leaked by an anonymous group calling itself “Shadow Brokers” in April 2017.
The infection initially takes place through an exposed Server Message Block (SMB) port of a computer, then it uses the vulnerability to spread out to random computers on the Internet and laterally to computers on the same network. Once WannaCry takes hold of the computer, it then encrypts files, locks the user out of the computer, and requests a ransom.
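The spreading behaviour described above (one host reaching out over SMB to many random Internet and same-network addresses) leaves a recognisable trace in network flow logs. The following detection sketch is an added example, not part of the original article; the log format, the 60-second window, the threshold of 5 destinations and the 10.0.0.0/8 internal range are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SMB_PORT = 445                           # TCP port used by SMB
WINDOW = timedelta(seconds=60)           # assumed sliding window
THRESHOLD = 5                            # assumed: distinct SMB peers per window
INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed sample flow records: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2017-05-12T09:00:01 10.0.0.15 10.0.0.20 445
2017-05-12T09:00:02 10.0.0.15 10.0.0.21 445
2017-05-12T09:00:03 10.0.0.15 198.51.100.7 445
2017-05-12T09:00:04 10.0.0.15 10.0.0.22 445
2017-05-12T09:00:05 10.0.0.15 203.0.113.9 445
2017-05-12T09:00:06 10.0.0.15 192.0.2.44 445
2017-05-12T09:00:07 10.0.0.30 10.0.0.5 445
2017-05-12T09:05:00 10.0.0.30 10.0.0.5 445
2017-05-12T09:00:08 10.0.0.40 10.0.0.5 443
"""

def find_smb_fanout(text, window=WINDOW, threshold=THRESHOLD):
    """Return {src: {"internal": n, "external": m}} for each source that
    reaches `threshold` distinct hosts on TCP 445 within `window`."""
    per_src = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if int(port) == SMB_PORT:
            per_src[src].append((datetime.fromisoformat(ts), dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1               # slide the window forward
            dsts = {d for _, d in events[start:end + 1]}
            if len(dsts) >= threshold:   # counts taken when threshold is hit
                ext = sum(ip_address(d) not in INTERNAL_NET for d in dsts)
                alerts[src] = {"internal": len(dsts) - ext, "external": ext}
                break
    return alerts

if __name__ == "__main__":
    print(find_smb_fanout(SAMPLE_FLOWS))
```

A workstation that alerts with both internal and external SMB destinations matches the two spreading directions the article describes and is a candidate for immediate network isolation.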
2. The Shadow Brokers and the Lazarus Group were among the main culprits
The Shadow Brokers is being partly blamed for the attack since they said they had stolen a “cyber weapon” from the NSA in April 2017. The hacking tool, called “Eternal Blue”, gives unprecedented access to all computers using Microsoft Windows. It is reported that another cyber crime group might have spotted this opportunity and leveraged the tool to attack computers worldwide.
Some experts examining the code have found technical clues they said could link North Korea with the attack. Researchers in several security organizations also stated that some code in an earlier version of the WannaCry software had appeared in programs used by the Lazarus Group, which has been identified as a North Korea-run hacking operation.
3. It asks for $300-$600 and has collected $50,000 so far
WannaCry is asking for $300-$600 worth of the cryptocurrency Bitcoin to unlock the computers and data. If victims do not pay up quickly, there is a threat that higher payments will be demanded.
CNN reported that payments have added up to $50,000 worth of bitcoin so far, showing that the attack has not been a great success in financial terms, though the damage inflicted on organizations around the world has been orders of magnitude higher. Security experts also continue to urge victims not to pay the ransom fee.
4. Paying the ransom doesn’t guarantee you can get your files back
According to a survey conducted by security analysts, over 200 of the WannaCry victims who promptly paid the ransom successfully got their data back. Nevertheless, cybersecurity experts advise against paying the ransom, highlighting that historically only about two-thirds of ransomware victims who met hacker demands got their data back. Microsoft also warned in its frequently asked questions on ransomware that “there is no guarantee that handing over the ransom will give you access to your files again. Paying the ransom could also make you a target for more malware.”
5. Microsoft has released a security update to patch the vulnerability
Microsoft had already released a security update to patch the vulnerability exploited by the ransomware. On the day of the attack, a Microsoft spokesman said its engineers had provided additional detection and protection services against the WannaCry ransomware and that it was working with customers to provide additional assistance. The spokesman reiterated that customers who have Windows Updates enabled and use the company’s free antivirus software are protected.
6. New versions of WannaCry appeared soon after the “kill switch” was thrown
A British cybersecurity researcher accidentally discovered a “kill switch” that can halt the spread of the WannaCry ransomware. The researcher, tweeting as @MalwareTechBlog, said he was able to purchase an unregistered website domain name for $10.69 to stop the ransomware from spreading.
However, it did not take long for new versions of WannaCry to appear with the kill switch code removed, and the ransomware has since been updated.
7. Backup is your best protection
There’s not much you can do once WannaCry has encrypted your files. The first line of defense against ransomware is installing the latest Windows security updates released by Microsoft.
As ransomware encrypts data, the most crucial protection is to maintain good backups of your valuable data. In the event of a ransomware disaster, you can simply wipe your system and recover the data from a clean backup copy stored in remote and cloud destinations.
In the future, ransomware will surely continue to be a top cyber threat. Don’t wait any longer: start backing up your computer if you want to survive the next waves of ransomware attacks.