The victims of this latest wave—one of the largest cyberattacks in history—include individuals, hospitals in the U.K., FedEx, and the Spanish telecom giant Telefónica.
Ransomware is a type of malware that prevents victims from accessing their files by encrypting them. In most cases, the only way to regain control of data is to buy the decryption keys from the attackers—unless you have backups, of course. Here’s what you need to know about the attack and how it might affect you.
Windows computers are at risk
The malware, a variant of the Wana Decryptor (aka “WannaCry”) ransomware, is targeting various versions of the Windows operating system. The attack exploits a vulnerability in the Windows Server Message Block (SMB) service to propagate across computers in a network. This is the service Windows computers use to share files and printers across a local network. That’s why the attack has been so successful on corporate targets, which often make active use of shared folders in their networks.
This means that users running Linux or macOS—and Windows users who have their file sharing turned off—have better protection against this attack. But before you breathe a sigh of relief, know that there are plenty of other ways you can get hit by the various breeds of ransomware that are lurking out there.
The patch for the attack has existed for quite a while
The security hole that the hackers leveraged first became public among a trove of stolen NSA tools that the hacking group Shadow Brokers unleashed last month. This further proves that by keeping security vulnerabilities secret and failing to protect them, security agencies are dealing more damage to the very people they’ve sworn to protect.
However, this is not all of the story, and the NSA is not entirely to blame for the success of the attack. In fact, Microsoft had already fixed the vulnerability and rolled out patches for supported systems in March, before the leaks were even made public.
So why did so many computers fall victim to the attack? Simply because many users and organizations are slow to catch up with security updates and practices. Too many users decide to postpone or abort updates to avoid interrupting their work. Too many organizations, including hospitals and government agencies, are still running on Windows XP, an operating system that Microsoft hasn’t supported since 2014.
(Microsoft issued a fix for Windows XP on the same day as the attack, though it might have been too little, too late for those who had already been hit.)
Therefore, the victims are as much to blame for their troubles as anyone else. The main lesson we should draw is that you can never overestimate the value of basic security hygiene, simple practices that protect you against most attacks.
Someone accidentally pulled the plug on the attack
On Friday afternoon, with a little luck and a $10 investment, the security researcher who goes by the Twitter name MalwareTech managed to trigger a kill switch that stopped the malware from spreading.
While reverse engineering and examining the attack, MalwareTech discovered that the developers of WannaCry had programmed the virus to check for a URL that didn’t exist. The researcher proceeded with purchasing the domain, which cost him $10, and shut down the virus by activating it. Apparently, the virus was programmed to function as long as the domain hadn’t been registered.
There are various theories as to why the hackers embedded such functionality into their malware, but what it means for the moment is that the attack has been stopped and the ransomware is no longer spreading at its previous chaotic pace.
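For defenders, the kill-switch check described above doubles as an indicator: any machine that looks up that domain has run the malware. The following added example (not from the original article) triages resolver logs on that basis. The domain is a placeholder because the article does not name it, the log format and sample lines are constructed, and the DNS response code is assumed to stand in for whether the malware's check succeeded.

```python
from collections import defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log: "<time> <client IP> <queried name> <response code>"
SAMPLE_LOG = """\
2017-05-12T13:02:11Z 10.0.4.17 killswitch-placeholder.example NXDOMAIN
2017-05-12T13:02:15Z 10.0.4.22 updates.vendor.example NOERROR
2017-05-12T15:40:03Z 10.0.4.31 KILLSWITCH-PLACEHOLDER.example. NOERROR
2017-05-12T15:41:50Z 10.0.4.17 killswitch-placeholder.example NOERROR
malformed line without enough fields
2017-05-12T15:44:09Z 10.0.7.90 killswitch-placeholder.example SERVFAIL
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: summary} for every host that queried the domain."""
    domain = domain.rstrip(".").lower()
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, name, rcode = parts
        # DNS names are case-insensitive and may carry a trailing dot.
        if name.rstrip(".").lower() == domain:
            seen[client].append((ts, rcode.upper()))

    report = {}
    for client, lookups in seen.items():
        lookups.sort()
        # Per the article, the malware keeps running while the domain is
        # unreachable, so one failed lookup means that run may have gone on
        # to encrypt files and spread.
        failed = [ts for ts, rc in lookups if rc != "NOERROR"]
        report[client] = {
            "status": "possibly_active" if failed else "halted",
            "first_seen": lookups[0][0],
            "lookups": len(lookups),
        }
    return report


if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_LOG).items()):
        print(ip, info)
```

Every host in the report ran the malware and needs isolation and cleanup; the status only orders the work, with "possibly_active" hosts first.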
But we haven’t seen the end of it
The kill switch certainly doesn’t help devices that have already been infected by the malware. And the fix is a temporary one. Don’t expect cybercriminals to abandon the profitable and practical business model that ransomware provides. Malicious developers are constantly coming up with new ways to spread malware and bypass security tools.
So let’s not forget that if we don’t step up to protect ourselves against cyberthreats, no one else will. Keep your systems up to date, your files backed up, and stay tuned as the story unfolds.
Ben Dickson is a software engineer and founder of TechTalks. His work has been published by TechCrunch, VentureBeat, the Next Web, PC Magazine, Huffington Post, and Motherboard, among others.