WannaCry: What You Need to Know About Global Ransomware Attack
As news continues to spread of WannaCry, the vicious strain of malware that has already attacked 200,000 computers in over 150 countries since Friday, Internet users are scrambling to educate themselves on their new cyber enemy.
This globetrotting “ransomware,” reportedly stolen in April from the NSA’s stockpile of cyberweapons, spreads via e-mail, exploiting vulnerabilities in Microsoft operating systems to encrypt users’ files and lock them out of their computers. The program demands an initial $300 in bitcoin, threatening to destroy the data if no payment is received – and increase the fee after seven days.
WannaCry (also known as Wana Decryptor or WCry) first emerged in Europe and appears to have hit Russia the hardest, The New York Times reports, citing an analysis by Russian antivirus company Kaspersky Lab. The malware targeted government buildings, banks and railroads in Russia, prompting a stern response from government officials.
Frants Klintsevich, deputy chairman of the Russian Senate defense committee, called the cyberattack “an alarming signal, and not just a signal but a direct threat to the normal functioning of society, and important life-support systems,” The New York Times reports, citing state-run Tass news agency. “I cannot exclude that the main task consists now of frightening the whole world,” he added. “The attacks hit hospitals, railroad transport and police. Over these days, the world got a serious warning.”
WannaCry, widely reported as the most significant ransomware attack to date, was first detected on Friday in Britain, crippling hospitals and doctors’ offices – and even causing some patients to be refused treatment. It also created significant disruptions in Ukraine, India, Taiwan, France and Germany.
By Monday, the attacks continued to spread across the world, affecting major institutions like the U.K.’s National Health Service, Russia’s Ministry of Interior, Chinese government agencies, Germany’s Deutsche Bahn rail system, automakers Nissan Motor Co. and Renault SA, PetroChina and logistics giant FedEx Corp., Bloomberg reports. Company and hospital computer systems in Eastern Europe, the U.S. and Asia were also compromised.
The attack is the latest in a series of security breaches for the NSA dating back to last summer, when a group calling itself “Shadow Brokers” started posting hacking weapons pilfered from the organization.
In a Microsoft blog post issued on Monday, company president Brad Smith called the WannaCry attack a “wake-up call” for international governments and the tech sector to stop exploiting digital vulnerabilities and work together. Smith also compared the NSA losing control of the software to “the U.S. military having some of its Tomahawk missiles stolen.”
“This is an emerging pattern in 2017,” he continued. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”
Microsoft reportedly released a security update for current operating systems in March that protected against the malware. The company offered another patch on Friday for older operating systems, including Windows XP.
On Monday, the British National Crime Agency tweeted an infographic of “Dos” and “Don’ts” to help minimize the effects of ransomware. Tips include updating software regularly; using anti-virus software; regularly backing up data; never clicking on unknown attachments, banners or links; consulting your anti-virus provider for instructions on removing the infection; and never paying out any money.
We haven’t seen a second spike in #WannaCry #ransomware attacks, but that doesn’t mean there won’t be one. Make sure you follow this advice pic.twitter.com/MgGfaBr9wG
— NationalCrimeAgency (@NCA_UK) May 15, 2017