WannaCry ransomware: Everything you need to know
One of the largest cyberattacks ever is currently eating the web, hitting PCs in countries and businesses around the world.
What is WannaCry?
It's the name for a prolific hacking attack of a type known as "ransomware," which holds your computer hostage until you pay a ransom.
The way it works is that once it infects a computer, it encrypts -- or basically scrambles -- all the data. Then the program puts up a screen demanding you pay money to get access back. Typically the price increases over time until the end of a countdown, when the files are destroyed.
We first heard about WannaCry last week from the UK's health service, which appeared to be one of the first major computer systems affected by the hack. It's also called WannaCrypt.
You can follow who's affected by watching this live tracking map created by MalwareTech.
Why do hackers do this?
The same reason you get telemarketing calls and junk email: It's effective.
Security company Symantec says that ransomware attacks alone jumped by more than one-third to over 483,800 incidents in 2016. And that's just the ones they tracked.
How do I protect my machine?
If you're running a Windows-powered PC, make sure all your software is up to date. In addition, as always, do not open suspicious emails, click on links you don't know or open any files you weren't expecting.
What do I do if my computer is infected?
You're out of luck. So far there doesn't appear to be a way to fix WannaCry.
Shortly after WannaCry began to spread, a security researcher accidentally found a kill switch that appeared to stop WannaCry in its tracks. But hackers have since made a fix, and this time there doesn't appear to be any way to stop it. It also has a new name, Uiwix, according to researchers at Heimdal Security.
Great, so I have to pay these monsters to get my computer back?
There is currently no way to fix a computer that's infected by WannaCry. But at the same time, paying them isn't your best bet, since you are basically giving money to criminals.
The hackers typically demand about $300 in payment via bitcoin, an untraceable digital currency often used on shadowy parts of the internet. If that ransom isn't paid in 72 hours, the price could double. And after a few days, the files are permanently locked.
Many experts say wiping your machine and relying on backups is a better way to go.
Who created WannaCry?
The hack appears to have originally been discovered by the NSA, which allegedly kept it on file as a potential tool to use for surveillance or other purposes.
We found out about it because a group of hackers, known as Shadow Brokers, in April released a cache of stolen NSA documents on the internet, including details about the WannaCry vulnerability.
Does WannaCry affect my Mac, iPhone or Android?
No. It appears to only affect computers powered by Microsoft Windows. Microsoft released a software update in March that protects against this vulnerability, but we've since learned that many people didn't update their computers.
Microsoft took the unusual step on Friday of releasing another update for older computers running Windows XP (first released in 2001), Vista (2006), Windows 7 (2009) and Windows 8 (2012), protecting them as well.
Microsoft, by the way, isn't happy about this attack, and has slammed spy agencies for stockpiling vulnerabilities instead of reporting them to computer companies to be fixed.
Who's most vulnerable?
Windows-powered PCs that aren't running updated software that protects against this vulnerability are the most at risk. WannaCry appears to travel across corporate networks, spreading quickly through file-sharing systems.
The diabolical part of that is corporate computers are typically controlled by IT departments that choose when to send updates to computers. So if one computer is vulnerable, it's likely all the computers on a corporate network are too, making it easy for WannaCry to have a large impact.
How does WannaCry spread?
It appears networks of computers, like those at schools, companies, hospitals and businesses, are particularly vulnerable. That's because security researchers say the ransomware is spread through a standard file-sharing technology used by PCs, called Microsoft Windows Server Message Block, or "SMB" for short.
It also appears able to spread to other computers outside corporate networks. Researchers have already found variants of the attack, so there isn't just one way it works.
What do I do if I'm not hit but worried I might be?
If you have backups, now would be a good time to update them. If you don't, I suggest you start.
Also make sure to check your software updates and talk to your IT managers.
SOURCE: Cnet