
Photo via Hillary/Flickr (CC-BY-SA)

4 things you should know about WannaCry, the latest massive ransomware attack

Computers are still at risk, but here's how you can help reduce your chances of getting infected.


Ben Dickson

Layer 8

Posted on May 14, 2017   Updated on May 24, 2021, 2:30 pm CDT

A massive ransomware attack took the world by storm Friday, spreading across 100 countries and targeting tens of thousands of computers.

The victims of this latest wave—one of the largest cyberattacks in history—include individuals, hospitals in the U.K., FedEx, and the Spanish telecom giant Telefónica.

Ransomware is a type of malware that prevents victims from accessing their files by encrypting them. In most cases, the only way to regain control of data is to buy the decryption keys from the attackers—unless you have backups, of course. Here’s what you need to know about the attack and how it might affect you.

Windows computers are at risk

The malware, a variant of the Wana Decryptor (aka “WannaCry”) ransomware, is targeting various versions of the Windows operating system. The attack exploits a vulnerability in the Windows Server Message Block (SMB) service to propagate across computers in a network. This is the service Windows computers use to share files and printers across a local network. That’s why the attack has been so successful on corporate targets, which often make active use of shared folders in their networks.

This means that users running Linux or macOS—and Windows users who have their file sharing turned off—have better protection against this attack. But before you breathe a sigh of relief, know that there are plenty of other ways you can get hit by the various breeds of ransomware that are lurking out there.

The patch for the attack has existed for quite a while

The security hole that the hackers leveraged first became public among a trove of stolen NSA tools that the hacking group Shadow Brokers unleashed last month. This further proves that by keeping security vulnerabilities secret and failing to protect them, security agencies are dealing more damage to the very people they’ve sworn to protect.

However, this is not all of the story, and the NSA is not entirely to blame for the success of the attack. In fact, Microsoft had already fixed the vulnerability and rolled out patches for supported systems in March, before the leaks were even made public.

So why did so many computers fall victim to the attack? Simply because many users and organizations are slow to catch up with security updates and practices. Too many users decide to postpone or abort updates to avoid interrupting their work. Too many organizations, including hospitals and government agencies, are still running on Windows XP, an operating system that Microsoft hasn’t supported since 2014.

(Microsoft issued a fix for Windows XP on the same day as the attack, though it might have been too little, too late for those who had already been hit by the attack.)

Therefore, the victims are as much to blame for their troubles as anyone else. The main lesson we should draw is that you can never overestimate the value of basic security hygiene, simple practices that protect you against most attacks.

Someone accidentally pulled the plug on the attack

On Friday afternoon, with a little luck and a $10 investment, the security researcher who goes by the Twitter name MalwareTech managed to trigger a kill switch that stopped the malware from spreading.

While reverse engineering and examining the attack, MalwareTech discovered that the developers of WannaCry had programmed the malware to check for a URL that didn’t exist. The researcher purchased the domain, which cost him $10, and shut down the malware by activating the domain. Apparently, the malware was programmed to function as long as the domain hadn’t been registered.

There are various theories as to why the hackers had embedded such functionality into their malware, but what it means for the moment is that the attack has been stopped and the ransomware is no longer spreading at its previous chaotic pace.
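
For defenders, the kill-switch check described above leaves a trace: every machine that runs the malware looks up that domain. The following is an added example, not part of the original article, that triages DNS resolver logs for such lookups. The domain is a placeholder (the article does not name the real one), and the log format, sample lines and function names are constructed for illustration.

```python
"""Triage DNS resolver logs for lookups of a ransomware kill-switch domain."""
from collections import defaultdict

# Placeholder: the article does not give the real domain, so this one is made up.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample log; assumed format: "<timestamp> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
2017-05-12T14:01:07Z 10.0.4.21 killswitch-placeholder.example. NXDOMAIN
2017-05-12T14:01:09Z 10.0.4.35 www.example.org. NOERROR
2017-05-12T15:30:44Z 10.0.4.21 KillSwitch-Placeholder.example. NOERROR
2017-05-12T15:31:02Z 10.0.7.80 killswitch-placeholder.example. NOERROR
2017-05-12T15:32:10Z 10.0.9.12 killswitch-placeholder.example. SERVFAIL
malformed line
"""

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: verdict} for every host that looked up the domain.

    Any lookup means the malware ran on that host, so every host returned
    needs cleanup. Assumption: a successful resolution stands in for the
    URL check succeeding. 'likely_active' means at least one lookup failed,
    so the malware may have kept running; 'likely_halted' means all resolved.
    """
    rcodes = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, rcode = fields
        if normalize(qname) == normalize(domain):
            rcodes[client].append(rcode.upper())
    return {
        client: "likely_halted" if all(rc == "NOERROR" for rc in seen)
        else "likely_active"
        for client, seen in rcodes.items()
    }

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: {verdict}")
```

Hosts marked likely_active should be isolated first, since the check did not stop the malware there; hosts marked likely_halted still ran it and need the same patching and cleanup.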

But we haven’t seen the end of it

The kill switch certainly doesn’t help devices that have already been infected by the malware. And the fix is a temporary one. Don’t expect cybercriminals to abandon the profitable and practical business model that ransomware provides. Malicious developers are constantly coming up with new ways to spread malware and bypass security tools.

So let’s not forget that if we don’t step up to protect ourselves against cyberthreats, no one else will. Keep your systems up to date, your files backed up, and stay tuned as the story unfolds.

Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.

*First Published: May 14, 2017, 10:59 am CDT