GlobalSign Blog

16 May 2017

The WannaCry Ransomware Sweeping the World: More Than 200,000 Computers Are Affected So Far

WannaCry

On Friday 12, May 2017, the internet got hit by a massive malware attack. This malware spread like wildfire around the world and more than 200,000 computers were affected over the weekend. This notorious malware is called WannaCry, a deadly “ransomware” which locks your computer and all the files become inaccessible and encrypted.

Organizations and individuals in more than 150 countries were affected including UK, Spain, Germany, Japan, Pakistan and India. Technical staff have been working day and night trying reinstall operating systems and recover data. Some of them have succeeded, but the majority of are still in pursuit of success. Several organizations already appear to have given in and paid the ransom amount to retrieve their data because there was no other feasible resolution.

There must be many questions tangling in our minds like;

  • “where did it come from?”
  • “why did our security systems failed to block it?” and
  • “will there be another attack in the future?”

Where Did WannaCry Come from and How Does It Work?

Sources are identifying a hacker group named Shadow Broker may behind this massive chaos. The attackers have locked data of more than 200,000 computers and will release it for Bitcoin payment equivalent of USD $300-600. The payment mode is conveniently Bitcoins because it’s an untraceable method of pay.

This malware is targeting PCs with older operating systems like Windows XP and Windows 7 that are vulnerable to the EternalBlue exploit. Compared to other types of ransomware and making it that much scarier, WannaCry is a bit unique in that it doesn’t rely on the end user to click a link or download a file to access the machine. Instead, it leverages that exploit and can then self-spread to other machines as well (e.g. those connected to the same local network). In the wake of the attack, Microsoft released an emergency patch for XP systems, but in the meantime, hundreds of thousands of computers have been infected and locked, including big names like National Health Service in UK, National Petroleum Company in China and Renault Factories in France.

The attack is not yet over. Someone from Malware Tech claimed to have found the “kill switch” and stopped it from spreading, but as it turns out, it was just slowed down from spreading. Kaspersky lab security confirmed a new more powerful version of this malware was detected immediately after the “kill switch” news. This new version cannot be stopped by the “kill switch” and a new wave of infection is expected to continue this week.

How Can You Protect Yourself from WannaCry?

In this case, prevention is really your best option. A critical piece of this is to update your system. If your personal computer or office system is running on an older version of Windows, then you are at serious risk. Keeping your systems patched is a must to reduce risk to critical vulnerabilities.

Additionally, as mentioned above, the feature that sets WannaCry apart from other malware is it can spread in a local network system without any interaction. So if you’ve found one of your systems or servers has been affected, the only way to make sure it doesn’t spread further is to disconnect the LAN cable or turn off the wireless connection.

Although phishing emails don’t seem to be at play for spreading WannaCry, you should still be wary of suspicious emails and files. Especially considering, as this article points out, other bad guys will likely try to leverage the WannaCry scare to scam people into downloading fake decryption solutions.

Ransomware is no joke and WannaCry is exposing yet another reason why a layered security strategy is so important today. A single vulnerability can be exploited and cause significant damage. You must make sure you have the proper defense and maintenance in place to prevent such issues.

Share this Post