On Friday, we reported on a global ransomware attack that at the time had affected 45,000 users in 74 countries. The attack hit a wide variety of targets, including hospitals, utilities, and shipping companies, and gave those affected an ultimatum of paying the hackers in bitcoins at an anonymous address or losing their files forever.
Experts say that the hackers are using a program called WannaCrypt (also known as Wanna Decryptor, WanaCryptor, and WannaCry) to carry out the attacks. The malware infects users’ systems through traditional means like phishing attempts and malicious emails with infected attachments, but it’s made even more dangerous by the fact that it is wormable, meaning that it can jump from one infected machine to others by targeting new victims through connected networks.
Once a machine has been infected with the malware, the files on it become encrypted and users become locked out and unable to access them. A landing page is generated by the program (shown below) that explains that users must pay $300 in bitcoins for the files to be unlocked. Two countdown clocks warn users that they have only a week to pay up and unlock their files or they will be deleted forever, and that the ransom amount will go up if an immediate payment is not made.
But should you pay the ransom? In a report from ZDNet, security experts say that paying up is no guarantee that you’ll actually get your files back, that a solution to the problem is being worked on, and that users and businesses should hold out, restore their system from a backup, or reach out to security professionals to see if there is other recourse that can be taken.
Critical update available
Estimates show that the hackers behind WannaCrypt have made around $50,000 from their ransomware campaign thus far, but consumers shouldn’t panic right away. Security experts point out that the attacks only affect machines that are running older versions of Windows operating systems or those that have not been properly updated.
In fact, a patch released in March by Microsoft currently protects users who are running Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, and Windows Server 2016. But it can only help if users have updated their devices to cover the vulnerability that Wanna Decryptor exploits.
Users who have not downloaded this critical update are urged to do so immediately to avoid falling victim to the ransomware scheme. This can be done manually on Microsoft’s website or automatically through the Windows Update program. If you do not have Windows Update enabled, then the patch will not have downloaded automatically.
Protecting your computer devices
If you are currently running other versions of Windows not listed above – such as older versions of Windows XP, Windows 8, and Windows Server 2003 – then there is still a way to ensure that your system is protected.
Microsoft has released an emergency patch for operating systems that are no longer being supported. In an article, the company provides customer guidance for the WannaCrypt attacks and offers links to security updates that users can download for older operating systems.
If for some reason you are unable to download these updates, security expert Troy Hunt suggests disabling Windows’ Server Message Block (SMBv1). Doing so, he says, will block the avenue that WannaCrypt exploits to enter users’ systems. If that solution doesn’t appeal to you, there’s always the option of locking down your machine and disconnecting it from the internet until researchers develop a decryption key that can nullify the threat and unlock users’ files.
Of course, this attack may only be the first in a new line of variant threats that may emerge. As always, users are encouraged to install the latest operating systems and enable automatic security updates to keep their systems protected.