Meet WannaCry. Security wonks are calling it the biggest cyberattack ever.
What the attack does
Cyber bad guys have spread ransomware, known as WannaCry, to computers around the world. It locks down all the files on an infected computer. The hackers then demand $300 in order to release control of the files. That’s why it’s called ransomware.
How it happened
WannaCry takes advantage of a vulnerability in Microsoft Windows.
The software tools to create the attack were revealed in April among a trove of NSA spy tools that were either leaked or stolen. The tools were made public by a hacking group called the Shadow Brokers.
Microsoft released a security patch for the vulnerabilities in March. But many corporations don’t automatically update their systems, because Windows updates can screw up their legacy software programs.
The phenomenon of companies failing to update their systems has been a persistent security problem for years. Playing with fire finally caught up with the victims.
Consumers are also at risk. Microsoft requires Windows 10 customers to automatically update their computers, but some people with older PCs disabled automatic updates.
How widespread is the damage
The attack has been found in 150 countries, affecting 200,000 computers, according to Europol, the European law enforcement agency. FedEx, Nissan, and the United Kingdom’s National Health Service were among the victims.
In the U.K., hospitals were crippled by the cyberattack, which forced operations to be canceled and ambulances to be diverted.
Also hit were Deutsche Bahn, the Russian Central Bank, Russian Railways, Russia’s Interior Ministry, Megafon and Telefónica.
Attempts to contain the attack’s spread appear to have paid off. The number of infected computers did not increase Monday as many had expected.
Who is vulnerable
Anyone who hasn’t updated their Windows PC recently.
Microsoft said it had taken the “highly unusual step” of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003. So even people with older computers should go update them.
Apple’s Mac computers were not targeted by this ransomware attack so are clear. Bad guys generally target Windows far more than Apple’s operating system because there are vastly more computers running Windows around the world.
How to prevent being attacked
According to security company Bitdefender, follow these five steps:
1. Disable your computer’s Server Message Block service.
2. Install Microsoft’s patch.
3. Back up your data on an offline hard drive.
4. Install all Windows updates.
5. Use a reputable security software to prevent attacks in the future.
Who is behind the attack
The hackers remain anonymous for now, but it appears that they are amateurs. A 22-year old security researcher in the U.K. discovered a “kill-switch” to initially stop the spread of the attack. The ease of stopping the attack suggests the hackers were new to this game.
Experts said it appeared that the ransomware had made just over $50,000.
What happens next
Computers and networks that hadn’t recently updated their systems are still at risk because the ransomware is lurking.
Experts say the spread of the virus had been stymied by a security researcher in the U.K. hackers have issued new versions of the virus that cyber security organizations are actively trying to counter and stamp out.
The U.K. government’s cyber office put it succinctly: “[T]he way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.”