Ransomware Wannacry Makes News

The malware known as WannaCrypt, or Wannacry has been making news this week, and has infected computer systems in over 150 countries.  Over the weekend the infection encrypted systems in Britain's National Health Service (NHS) causing critical medical systems to not function.  Over 300'000 other  computer and devices were infected with the ransomware as well.

How does it work?

The tools which were used to carry out this massive ransomware attack were actually developed by our very own National Security Agency (NSA), according to reports.  The two exploits that were utilized were dubbed EternalBlue and DoublePulsar, which both exploit a specific security hole in Windows which allows for Remote access to the computer.

The Exploit deploys itself, and encrypts the system in 5 steps which you can see below.

How to stay Protected

The Ransomware was slowed down when a security analyst discovered a kill-switch inside the code of the infection.  They were able to exploit this to stop the ransomware from continuing to spread, however the security expert also warns that the kill-switch would likely be removed quickly in a newer version of the ransomware.

ZDNet's Charlie Osbourne explains how you can stay protected from this nasty Malware in more detail.  If your on a up-to-date Windows computer, then you are already safe from this infection.  The infection exploits a vulnerability in older versions of Windows systems, those being; Windows 8, Windows XP, and Windows Server 2003.

Other versions of Windows such as: Windows 10, Windows 8.1, and Windows 7 are all safe provided they have the latest updates.  You should check for updates on your computer by going to Settings, then to the Updates & Security option.  Windows will tell you if there are updates available, or if you're currently up-to-date.

Ensure that Windows automatic updates is turned on, and it is recommended that you also install and run anti-virus software which can block known ransomware.  If you think you have already been infected, here you can find a guide on how to remove the infection.  You will not be able to decrypt your file unless you have a backup that was not also infected, or by paying the bitcoin ransom.  For this reason, it is also recommended that you have a cloud-backup which keep your files saved in a remote location which are safe if your local system becomes infected.

A Wake Up Call, or a Double-Edged Sword

Microsoft excoriated governments around the world for keeping software vulnerabilities  hidden, and not reporting them to software vendors. Software companies who build software often can't account for every possible exploit their software may come across, and they depend on users to report these bugs to the vendors so they can patch them.  On the other-hand, many governments take advantage of these exploits, keeping them a secret so that they can be used by their agencies for nefarious purposes.

Microsoft Writes on their blog; "Governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” said Microsoft President and Chief Legal Officer Brad Smith. “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.“

Keeping yourself protected online is becoming more important every day as new methods are developed by scammers to infect you all the time.  Follow our guidelines to keep yourself protected, and sign up for our Newsletter to stay informed about new tech information every month.