Another massive cyber-attack, that is believed to be using stolen tools from the US National Security Agency, has hit countries across the globe. According to the cyber security company, Avast, over 75,000 cases of the ransomware, known as WannaCry (with variants of that name), has hit computers around the world. Thus far, there are reports of infections in 99 countries, including Russia and China.
The ransomware attacks started unfolding on early Friday when the National Health Service (NHS) in England and Scotland, along with some other medical practises, were hit. Staff members shared screen shots of the WannaCry program that demanded a payment of $300 USD using the virtual currency Bitcoin. Throughout the day the virus spread to other countries throughout Europe, eventually attacking other countries such as the USA and China.
The ransomware, WannaCry, is believed to be deployed via a worm – that is an infection that spreads automatically between computers and will hunt down vulnerable machines and infect them too. Once the infection is inside the computer, it will create encrypted copies of files before deleting the originals. These encrypted copies cannot be accessed without an encryption key, which leaves the victims at ransom by the hacker to regain the files. It is unclear how the original attacks begun, which has lead many cybersecurity experts to believe this may be due to an exploit used by the Equation Group – a group suspected of being tied to the US National Security Agency.
The vulnerability, known as Eternal Blue, is linked to Microsoft and can so far affect Windows Vista, 7, 8, 10, XP, and other versions of the systems software. Microsoft fixed Eternal Blue back in March, however they believe that many of the victims that have been attacked thus far did not patch their computers before the spread of the ransomware. Many of the organizations that were infected, such as the NHS, use older operating systems that did not contain this patch.
Fortunately, there has been an accidental slow-down of the spread of WannaCry due to a URL in the malware’s code that effectively acts as a ‘kill switch’. With that said, it is important to protect yourself from future cyber attacks to keep your files safe and protect your assets. Firstly, you can download the Avast Antivirus, as it claims to detect all known versions of the WannaCry malware (among other antivirus programs). Secondly, patch your windows computer with the recent windows update that will fix the vulnerability Eternal Blue. Thirdly, practise a few good cyber security techniques such as avoid clicking links from unknown sources and keeping backups of all your important documents on an external hard drive. Be sure to look online for more cyber safety tips.