WannaCry is a type of ransomware that was recently used in a major cyber-attack to hit organisations in more than 70 countries across the globe such as Spain, the US, the UK, China, and Russia. The United Kingdom was particularly badly affected as the incident caused chaos across health services in England and Scotland when the ransomware had their computers locked, causing hospitals to cancel surgical operations.
Where did Ransomware come from?
The ransomware is alleged to have been leaked by a hacker group called Shadow Brokers after they stole a program called EternalBlue that had been developed by the USA’s National Security Agency for hacking into terrorist suspect computers running Microsoft Windows Operating Systems.
How does WannaCry work?
When a user’s computer has been infected as a result of downloading an email attachment, the ransomware runs as a program on your computer encrypting all its data. The user is then informed that their files and documents have been locked and the only way to recover their data is by unlocking them using a password which will be given after making a payment. Information is then provided about to how much is to be paid – $300 worth of Bitcoin – and when.
What computers are vulnerable?
Computers running older versions of Windows that are no longer supported by Microsoft such as Windows 8 and Windows XP.
Is WannaCry still active?
The ransomware was halted from spreading by a cyber security researcher in the UK known only by his twitter handle as @malwaretechblog with the help of Darien Huss, a researcher with security firm Proofpoint after he found a vulnerability in the hacker’s code. Malwaretech explained that it was partly accidental as they registered a domain with the intention of tracking the malware and it turned out that the domain they had registered had actually disabled the malware as well as allowed them to track it.
He stressed that it was important for people to patch their systems, warning that: ‘’This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable Windows update, update and then reboot.’’
The Nigerian Communications Commission (NCC) on May 17 released a statement assuring all operators and subscribers of the security of national telecommunications network while advising ”proactive measures to be taken by all players in the telecommunication eco-system to forestall the hazards of critical data loss, financial losses and ultimately network/ business disruption.”
How to protect your computer from ransomware
One lesson here is to form a habit of backing up your computer onto an external storage device regularly. Another security measure to take is to upgrade to Windows 10 if you haven’t done so already as it is equipped with the latest features to counter cyber attacks. Also, see here for some simple steps on how to protect yourself on the internet.