On Friday, the largest cyberattack ever infected over 200,000 computers in over 150 countries around the world. The attack launched a virus that locked the computers’ data until a ransom of $300 was paid in Bitcoin.
The ransomware virus, called WannaCry, infected computers in organizations ranging from the British healthcare system (NHS), to FedEx in the US, to the Russian Interior Ministry.
Although Friday’s massive cyberattack was stopped, the virus may soon return in a different form. It’s important to learn about the virus and the steps you should take now to protect your data from future versions of WannaCry.
How the Virus Locked Computers
WannaCry attacked computers that were connected to the Internet and that used Windows operating systems which had not yet been updated to a security patch that had been released by Microsoft in March of this year.
Unlike many other viruses, WannaCry didn’t depend on users clicking on links or attachments in emails or websites. Instead, the virus spread through the Internet looking for computers running Windows that had not been updated, and used a security hole to spread the infection and lock the data.
The New York Times has published an interactive graphic showing the spread of WannaCry on Friday: Animated Map of How Tens of Thousands of Computers Were Infected With Ransomware.
In addition to being widespread, the virus had a deep impact, affecting the health and safety of many people. The NHS in the UK was forced to reroute ambulances, cancel surgeries, and close hospitals to all but emergency cases. Patient records, lab results and appointment schedules were unavailable, putting lives at risk.
— NHS England (@NHSEngland) May 14, 2017
How WannaCry Was Thwarted Accidentally
A developer accidentally discovered a way to disable WannaCry from spreading. He dug into the computer code and noticed that the virus directed the computers to a domain name. In a stroke of brilliance he checked on the domain name and discovered that it was available, so he bought it for a mere $10.69. That simple move enabled a “kill switch” that prevented WannaCry from spreading further.
Unfortunately, the kill switch does not unlock computers that were already infected by the virus.
The developer has chosen to remain nameless but goes by the Twitter handle @malwaretechblog. He wrote a blog post that explains in detail how he happened to discover the kill switch for WannaCry: How to Accidentally Stop a Global Cyber Attacks.
But We’re Not Safe Yet
This cyberattack took advantage of a security vulnerability in Windows that was fixed by an update to Windows 10 that Microsoft released in March. The vulnerability still exists for computers running previous versions of Windows and for computers running Windows 10 that do not yet have the March update installed.
If you haven’t updated your Windows computer to the most recent version of Windows 10, and weren’t affected by WannaCry, don’t assume your computer is safe. The virus may come back.
All the hackers have to do to launch a new cyberattack is to change the domain name embedded in WannaCry, then release the updated virus.
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP.
— MalwareTech (@MalwareTechBlog) May 14, 2017
How to Protect Your Data Against Future Cyberattacks
If you haven’t done so yet, download the latest Windows security patch to your computer. Microsoft, the maker of Windows, has now released security patches for older versions of Windows that give protection against WannaCry.
See, Microsoft How to keep your Windows computer up-to-date to find out how to update your Windows computer.
Allow automatic Windows updates if you aren’t diligent about keeping your computer updated.
Also, make sure that you back up your data. If major institutions can lose their data to cyberattacks, you can too. Do regular backups of your data, both locally with an external drive and in the Cloud, so you preserve your data
if when another cyberattack occurs.
Be sure not to click on links or download attachments in emails unless you are absolutely sure that they are not “phishing” emails from hackers. Although WannaCry didn’t use these methods, other ransomware attacks have in the past.
Had you heard about the cyberattack last week? Were you affected by WannaCry? Have you updated your computer and downloaded the latest version of Windows (or MacOS if you use an Apple computer)? Do you backup your data regularly?
Share your thoughts in the Comments section below!