May 16, 2017 / By Ryan Hirst
Friday saw the NHS crippled by the cyber attack “WannaCry” but Monday has seen thousands more computers in China and Japan infected as more and more businesses turn on their computers
What can this attack do?
Last Friday saw the attack on the NHS systems by a malicious program “WannaCry”. As a result their computer files were locked by this program until they agreed to pay the ransom. This kind of situation is not an uncommon problem but according to the EU police body Europol, the scale of the virus attack is unprecedented. As of this moment, it is unknown who is behind this attack but experts are suggesting that it might not be particularly sophisticated malware.
With fears that many more companies are going to join the already growing number of 200,000 victims today, people are wondering what to expect from this virus. The owners of the malware have been asking for a ransom payment of around $300 (£230), in virtual currency Bitcoin from each infected machine. However, this virus doesn’t seem to be very profitable for the owners as they have contained about $30,000 when seen by the BBC. Initially you might think that’s a lot of money, but when you put it into perspective that over 200,000 people in around 150 countries have been affected then you can see that the virus hasn’t been particular profitable for the culprits.
In the UK, the NHS was hit hard, but by Saturday morning the majority of the 48 affected health trusts in England had their machines back in operation. The NHS has not yet revealed what steps it took.
Could I be at risk?
The WannaCry Virus has been seen to attack only machines running out of date Windows operating systems. If you haven’t been keeping on top of your Windows updates and aren’t extra careful when opening your emails then you could be at risk. However, if you are a home user and keep your automatic windows updates enabled then its generally believed that you will be at low risk to this particular attack.
There are ways of protecting yourself from this virus. If you are regularly running updates, using firewalls and anti-virus software then you should be safe this. As this particular virus is transmitted through email, I would recommend being wary of which emails you are opening and reading.
Nevertheless, some viruses can slip through the cracks. To be on the safer side, I recommend that you keep backing up your data so if the worst happens you can restore your files without, in this case, having to pay a fee which doesn’t guarantee you getting your files back.
The UK’s National Cyber Security Centre website contains advice on how to apply the patch to stop the ransomware – MS17-010 – and what to do if you can’t.
How has all this happened so fast?
The culprit is a malware called WannaCry that has spread via a computer virus known as a worm. Unlike many of the other malicious programs, this virus has the ability to move around a network by itself. Whilst others tend to rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.
Once the WannaCry virus is inside an organisation, it will make it’s way through the network to find vulnerable machines an will infect them too. This could explain why its impact is in the public eye so much, because large numbers of the machines at each organisation that were effected are getting compromised.
Why weren’t people protected?
Microsoft issued a free patch back in March for the weakness that has been exploited by the ransom. WannaCry seems to be built to exploit a bug found by the US National Security Agency. When the details of the bug were leaked, many security researchers predicted it would lead to the creation of self-starting ransomware worms. As you can see, it only took a hacker a few months to create good on that prediction.
Originally, it was thought that the victims were people using Windows XP, a very old version of the Windows operating system that Microsoft no longer support. Yet, cyber-security expert Alan Woodman suggested that the latest statistics show that this isn’t the case. Due to large organisations having to test that security patches will not interfere with the running of their networks before they are applied, this can lead to a delay in them being installed quickly.
If you have any questions about anything mentioned is this blog, don’t hesitate to contact us.