WannaCry Ransomware Infects Computers Worldwide
WannaCry ransomware has affected tens of thousands of computers worldwide since surfacing on Friday, marking what the EU’s law enforcement agency Europol is calling one of the largest cyberattacks in history, BBC News reports. The malware, which can exploit vulnerabilities in unpatched Windows computers and servers, has struck major organizations including hospitals and government agencies in at least 99 countries thus far.
The National Security Agency originally uncovered the security flaw, but a group of anonymous hackers called the Shadow Brokers exposed the details of the exploit to the public last month, according to CNET.
The hacking campaign — also known as WannaCry — affected mostly European organizations and notably caused disruption to Britain’s health care system. Although individual users are at risk, too, organizations face more severe threats due to the malware’s ability to spread across networks.
The hackers created havoc for many organizations by holding infected computers hostage and encrypting most or all of the files stored on them. WannaCry searches for and encrypts 176 file types, such as .DOC, .JPEG and .PDF, and appends .WCRY to the end of the file name, according to Symantec. The malicious software then demands that its victims pay a $300 ransom via bitcoin to decrypt the files. The price doubles if the victim doesn’t pay the ransom within three days, and if the ransom remains unpaid after seven days, files may be permanently deleted.
So far, the hackers have received over $50,000 worth of bitcoin, paid in 207 separate transactions, Symantec reported.
A British security researcher was able to halt the global cyberattack when he inadvertently discovered a kill switch that prevents the malware from activating the code that encrypts and ransoms data, according to TechCrunch. Even so, the malware can still spread.
“Although those computers won’t have their data ransomed, it’s not difficult to create a new variant (or 10) that may infect at a similar rate using kill switches that haven’t been activated — if they include kill switches at all,” TechCrunch explained.
Microsoft’s risk mitigation efforts include issuing patches for various versions of Windows — even old, unsupported ones like Windows Server 2003, according to Fortune. Users should install available security patches immediately. Moreover, the company has released consumer guidelines and security updates that should lessen cyberattack risks and has encouraged users to use caution when opening email attachments. However, Symantec warns that WannaCry spreads “within corporate networks, without user interaction.”
Currently, there’s no way to decrypt encrypted files on an infected computer. Some cybersecurity experts don’t recommend paying the ransom. Files may be recoverable in some situations without a backup — such as files saved in places other than the desktop, My Documents or a removable drive — by using an undelete tool, according to Symantec.