A massive cyberattack by a ransomware program known as "Wannacry" last Friday infected computers in more than 150 countries. The attack exploited a vulnerability in older versions of Microsoft operating systems like XP, Windows Server 2003, Windows Vista and Windows 8. It started in Europe, causing Britain’s National Health Service to cancel procedures and lose access to patient records like X-rays and test results. Spanish telecom firm Telefónica was also affected, along with thousands of personal computers. This malicious software is still circulating, so if your computer is running Windows, even Windows 10, you need to download the security patch from the Windows website. Unprotected computers are at risk of being crippled and having their files obliterated.
Ransomware is a type of malicious software that encrypts all files on the host computer, displaying a message that the user must pay a ransom – usually in the electronic currency Bitcoin, which is notoriously hard to trace – if the user wants his or her files back. If users don’t pay in a few days, the price doubles. If they don’t pay in a week, their files are wiped permanently. Ransomware is usually spread through email attachments like Microsoft Word docs or PDF files, but can also be let in through a digital backdoor created by a virus already present in a system.
"Wannacry," also known as "Wannacrypt" or "Wannacrypt0r 2.0," was made possible by a massive leak of security exploits by a hacker group calling itself The Shadowbrokers. The group released this list of vulnerabilities, stolen from the National Security Agency, to the public back on April 14. The NSA, it appears, had been keeping these security exploits secret from the public for its own use. It’s unclear as of yet whether The Shadowbrokers themselves or one of their customers wrote the Wannacry ransomware program.
Once news broke of the leak, Microsoft released a patch for older systems like XP and Server 2003, but only to those corporate customers who had paid Microsoft for continued software support. The rest – Britain’s NHS included – were left undefended until after the attack, the severity of which prompted Microsoft to make update patches available on its website for broad download.
Last Saturday, an anonymous researcher in the UK was able to activate a "kill switch" in Wannacry’s code by registering a long, convoluted domain name (the URL of a website is also known as its domain) found buried there. The "switch" works like this: The ransomware program periodically looks for the domain name, and if it comes back as registered, the software stops spreading itself.
This has not, however, killed the virus in already infected computers, just stopped its spread. It is also possible that there are other variations of this software without the kill switch built into them that can continue to spread. “This is not over,” the researcher warned. “The attackers will realize how we stopped it, they’ll change the code and then they’ll start again. Enable Windows update, update and then reboot.”
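Because the ransomware periodically looks up the kill-switch domain, a network's DNS query logs can show which machines are already infected and still need cleaning. The sketch below is an added example, not part of the original article; it assumes dnsmasq-style query logs, uses constructed sample lines, and uses a placeholder for the domain, which the article does not print.

```python
import re
from collections import defaultdict

# Placeholder: the article does not print the kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-domain.example"

# Constructed sample lines in dnsmasq "log-queries" style (assumed format).
SAMPLE_LOG = """\
May 13 09:14:02 dnsmasq[612]: query[A] www.example.org from 10.0.4.17
May 13 09:14:05 dnsmasq[612]: query[A] killswitch-domain.example from 10.0.4.23
May 13 09:20:41 dnsmasq[612]: query[A] KILLSWITCH-DOMAIN.EXAMPLE. from 10.0.4.23
May 13 09:31:10 dnsmasq[612]: query[AAAA] killswitch-domain.example from 10.0.7.8
May 13 09:31:11 dnsmasq[612]: reply killswitch-domain.example is 192.0.2.10
May 13 09:40:00 dnsmasq[612]: query[A] notkillswitch-domain.example from 10.0.4.99
"""

# Only "query[...] name from client" lines identify the machine that asked.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>\w+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def find_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: [timestamps]} for exact-match queries of domain."""
    target = normalize(domain)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        # Exact comparison, so look-alike names are not flagged.
        if m and normalize(m["name"]) == target:
            hits[m["client"]].append(m["ts"])
    return dict(hits)

if __name__ == "__main__":
    for client, seen in sorted(find_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {len(seen)} lookup(s), first {seen[0]}, last {seen[-1]}")
```

A machine that shows up here has contacted the kill switch but, as noted above, is not disinfected by it.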
Both software companies, Microsoft in particular, and government intelligence agencies like the NSA have been criticized for their role in the attack and others like it. Some argue that security vulnerabilities should be fixed immediately once found, and that hiding them puts everyone at risk for further attacks. Edward Snowden has argued that the role of national security agencies should be protecting computers and people here, not exploiting vulnerabilities to spy on other countries. Brad Smith, president of Microsoft, said in a May 14 blog post, “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
Others, including The Guardian, have pointed out that Microsoft wasn’t blameless in this situation either. The company’s practice of discontinuing support for old software unless customers can pony up the cash has been cited as a key factor in Wannacry’s ability to spread as far as it did, because so many old systems were left undefended. Several commenters on the Guardian’s online coverage had the same sentiment: “You either pay the criminals, or you pay Microsoft.”
So what can you do to protect yourself? First: Update. Enable Windows Update on your computer, install security updates regularly and download the patch from Microsoft’s website immediately. Make a backup of your files. If Wannacry infects your computer, there is as yet no way to fix it aside from wiping everything and rebooting your entire system. And as always, don’t open suspicious email attachments, and be very careful of the sites you visit.