WannaCry Ransomware: What You Need to Know

If you've been wondering what WannaCry is and if you're at risk, here's the lowdown.
Executive Editor, PCMag
This story originally appeared on PCMag

Hundreds of thousands of PCs were attacked by ransomware known as WannaCry on Friday, throwing government agencies and private businesses around the globe into disarray. If you've been wondering what actually happened, here's the lowdown.

What is WannaCry?

WannaCry is the name of a serious strain of ransomware that hit Windows PCs worldwide, starting on Friday. Those who were infected found their computers locked, with hackers demanding a $300 ransom to unlock the device and its files.

 

How were people infected?

Like many malware infections, it appears that human error is to blame. According to The Financial Times, someone in Europe downloaded a compressed zip file that was attached to an email, releasing WannaCry on to that person's PC. Many others did the same, and when all was said and done, at least 300,000 devices were affected globally.

That sucks, but it's their problem, right?

Not exactly. Among the affected PCs were those used by the U.K.'s National Health System (NHS). With computers locked, staff were unable to access patient records and other basic services. Appointments and surgeries were cancelled and medical facilities were shut down as NHS tried to stop the spread of WannaCry. Also affected: Germany's rail system, Renault and Nissan factories, FedEx, Spanish telecom Telefonica and even Russia's central bank.

During a Monday press briefing, Homeland Security Advisor Tom Bossert said WannaCry had not hit any U.S. government systems.

Is my PC at risk?

If you're running Windows 10 you're safe, as WannaCry does not target Microsoft's newest OS.

If you're running other, supported versions of Windows (Vista, Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016), a patch that Microsoft released in March addressed the vulnerability that WannaCry targets. So hopefully you or your office's IT department installed that update.

 

There are some people, however, who are still running aging versions of Windows; 7 percent still run Windows XP despite the fact that Redmond no longer issues security updates for it. So Microsoft took the unusual step of releasing a WannaCry patch for old versions of Windows it no longer supports, including Windows XP, Windows 8 and Windows Server 2003.

Regardless of which version of Windows you have, make sure you're up to date with your security patches.

Ransomware isn't new. Why is this such a big deal?

WannaCry uses an exploit known as EternalBlue developed by the U.S. National Security Agency (NSA), which used it to go after targets of its own. Unfortunately, EternalBlue and other NSA hacking tools were leaked online last year by a group known as the Shadow Brokers, putting these powerful tools in the hands of anyone able to use them.

Is this still an issue?

Quite by accident, a U.K. researcher known as MalwareTech managed to hobble the spread of WannaCry over the weekend. He acquired a sample of the malware on Friday and ran it in a virtual environment. He noticed it pinged an unregistered domain, so he registered it himself, as he often does in these types of situations. Lucky for him (and countless victims), WannaCry only locked PCs if it couldn't connect to the domain in question. Before MalwareTech registered the domain, it didn't exist, so WannaCry couldn't connect and systems were ransomed. With the domain set up, WannaCry connected and essentially died, protecting PCs.
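A defender-side view of the kill switch described above, as an added example that is not part of the original article: it scans DNS resolver logs for hosts that looked up the kill-switch domain and separates those whose lookups resolved from those whose lookups failed. The domain `killswitch.example`, the log format and the use of DNS resolution as a stand-in for a successful connection are all assumptions; the article does not name the real domain.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Constructed resolver log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2017-05-13T09:14:02Z client=10.0.4.17 query=killswitch.example. rcode=NOERROR
2017-05-13T09:14:05Z client=10.0.4.22 query=www.example.org. rcode=NOERROR
2017-05-13T09:15:40Z client=10.0.7.3 query=KillSwitch.Example. rcode=NXDOMAIN
2017-05-13T09:16:11Z client=10.0.7.3 query=killswitch.example. rcode=NXDOMAIN
2017-05-13T09:17:30Z client=10.0.9.8 query=notkillswitch.example. rcode=NOERROR
2017-05-13T09:18:02Z client=10.0.4.17 query=killswitch.example. rcode=NOERROR
malformed line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) rcode=(?P<rcode>\S+)$"
)

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client: status} for hosts that looked up the kill-switch domain.

    "contained": every lookup resolved, so the check the article describes
                 could succeed and the malware should have stopped.
    "at_risk":   at least one lookup failed (e.g. NXDOMAIN or a DNS block),
                 the condition under which the article says PCs were locked.
    """
    results = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Exact name match only: look-alike names and malformed lines are skipped.
        if not m or normalize(m["query"]) != normalize(domain):
            continue
        results[m["client"]].append(m["rcode"].upper() == "NOERROR")
    return {
        client: "contained" if all(ok) else "at_risk"
        for client, ok in results.items()
    }

if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{status}")
```

Any client in the output is worth investigating, since it asked for a domain ordinary software has no reason to look up; the `at_risk` hosts are the ones where the kill-switch check could not have succeeded.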

Great, so we're done here?

Not so fast. Reports of new WannaCry variants are emerging, so stay alert and watch where you click.

What if my PC was ransomed?

While it appears that many people have paid the ransom demanded by the hackers, security experts warn against handing over your cash.

"As of this writing, the 3 bitcoin accounts associated with the WannaCry ransomware have accumulated more than $33,000 between them. Despite that, not a single case has been reported of anyone receiving their files back," Check Point warned in a Sunday blog post. "WannaCry doesn't seem to have a way of associating a payment to the person making it."

Bossert echoed that today, saying that approximately $70,000 had been paid out since Friday, but there's no evidence of data recovery.

If you've been hit, your best bet is to restore from backup. Reputable security firms also have ransomware decryption tools. You can also use a tool like the FixMeStick -- just insert the device, boot to its Linux-based environment and let it take care of the problem. It won't restore files, but it will (hopefully) clean out the malware. When your PC is back up and running, make sure you have a robust antivirus program and the best ransomware protection.

For more, see How to Protect and Recover Your Business from Ransomware.

How can we stop this from happening again?

Pay attention to emails with attachments or links. Even if the message appears to be from someone you know, double-check the email address and be on the lookout for any odd wording or attachments you weren't expecting from that person. When in doubt, message the person separately to ask if they did indeed send you an email that requires you to download an attachment.

More broadly, meanwhile, Microsoft took the NSA to task for "stockpiling" these vulnerabilities.

"This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," Microsoft's president and chief legal officer, Brad Smith, wrote in a blog post that likened the leaks to the U.S. military "having some of its Tomahawk missiles stolen."
