5 Burning Questions About the ‘WannaCry’ Ransomware Attack

A massive cyberattack that crippled computer systems in nearly 100 countries around the world has been temporarily halted, but experts say there could be similar attacks on the horizon. Here’s what you need to know.

1. What is it?

On May 12, a ransomware attack began affecting computer systems around the world. Ransomware, is a type of virus that holds computer data hostage, has been around for years, but experts say “WannaCry” is the biggest attack of its kind. According to Symantec, the average ransom amount was $300 per infected computer and the preferred payment method is Bitcoin. This payout might seem small, but setting a lower dollar value makes the hackers more likely to get paid.

More than 200,000 computers were affected at companies like FedEx, Telefónica and Britain’s National Health Service. To give context around the magnitude: At Telefónica, 85 percent of the company’s computers are down, and in the U.K., doctors are resorting to pen and paper to fulfill their duties.

2. Who started it?

The culprits remain anonymous, but an investigation is underway. Researchers claim to have discovered a link between North Korean hackers and the malware attack, but this is yet to be proven.

3. Who is at risk?

The virus is targeting computers running on Windows OS prior to Windows 10 (Windows 8 through XP). The malware opportunistically takes advantage of a flaw leaked in a recent NSA data dump—a flaw for which Microsoft released a security patch to protect users. But systems that had not been updated with that patch remained at risk, and many have fallen victim to the virus as a result.

4. How can it be stopped?

Malware is spread by clicking links or opening attachments from infected parties, so the first general rule is to be vigilant about attachments received from known contacts. Of course, these scenarios can be difficult to discern as the messages are oftentimes innocuous and from known parties. As a secondary precaution, Windows users (not including Windows 10), should update their software immediately. Read more about this and download the security patch here.

A heroic security researcher temporarily halted the virus by finding a hidden kill switch in its code. By registering an email address referenced in the malware, he was able to stop the virus from spreading. Unfortunately, soon thereafter, copy cat hackers began making their own versions of the code, spreading new viruses.

5. What can we learn from this?

As the Financial Times reports, the combination of weak systems and stolen cyber weapons will “never end well.” These types of attacks will only continue and proliferate so long as large-scale, critical infrastructures (at places like hospitals and financial institutions) are built on shoddy, insecure foundations.

“How can we prevent such future epidemics?,” writes Keren Elazari for the Times. “This incident highlights the need to see cyber security as a public health issue just as much as one for law enforcement or intelligence agencies.”

This means that legacy software systems need a revamp for the modern era, and security researchers and organizations need to more tightly collaborate to prevent such breaches in the future.

Learn the latest trends, insights and best practices from the brightest minds in media and technology. Sign up for SMW Insider to watch full-length sessions from official Social Media Week conferences live and on-demand.

Image Credit: U of T News