On Friday, a massive ransomware attack called WannaCry hit the UK National Health Service's computers, wreaking havoc at many health institutions across the country. Health records became inaccessible, and many outpatient appointments and surgeries had to be canceled or delayed. Within a matter of hours, the attack had gone global and infected hundreds of thousands of machines. The type of virus responsible for the attack is ransomware known as WannaCry or WannaCryptor.
What is Ransomware?
Ransomware is a type of computer virus that locks targeted files on your computer (and any attached external drives) using secure encryption algorithms and then demands money (a ransom) to unlock them. The encryption used is the same type that banks use to protect your passwords when you log into online banking systems. Once your files have been locked by a ransomware virus, they are unrecoverable unless you get the decryption keys from the authors of the virus. However, to get the key from them, you have to pay whatever amount of money the cyber criminals demand. The operators of WannaCry are demanding US$300 to unlock encrypted files.
How serious was the May 12th, 2017 attack?
The scale of Friday’s attack was unprecedented. It is the biggest of its kind. In less than 48 hours from launch, over 200,000 computers in 150 countries were infected, according to Europol. Major organizations hit include the UK NHS, Spanish mobile network operator Telefonica, the Russian Interior Ministry and many more. Countless ordinary users have also been struck.
It is still too early to assess the damage done but when the dust settles it is likely to be in the order of millions, if not billions of dollars. Below is a map showing the global distribution of WannaCry infections.
Once infected, victims are greeted with a message asking for a $300 ransom – payable in the internet currency, bitcoin – in order to regain access to their files. Failure to pay this amount within 72 hours results in the ransom being doubled to $600. If no payment is made within 7 days of infection, the files will be lost forever.
How can you recover from an attack?
To be honest, we often advise people just to pay the ransom. – Joseph Bonavolonta, FBI Assistant Special Agent
Since WannaCry uses a secure encryption mechanism, recovery of files is not possible. No computer technician will be able to get your files back for you. In fact, the US federal law enforcement agency, the FBI, has advised businesses in the past to pay the ransom. The problem is so out of control that some ransomware authors have made a killing from targeting the police.
The only other way to get back your files is if you have a backup of them, assuming they were not also attacked by the virus. Unfortunately, many users do not keep backups of their data. If anything good is to come from this disaster, it’s increasing awareness of the importance of data backups.
There are some variants of ransomware that are not as sophisticated as WannaCry. With these, it may be possible to decrypt your files without paying the ransom, though it is certainly not trivial.
How do you know you will get your files back?
There is no guarantee that you will get your files back. It is quite possible that the hackers may just take your money and run. However, there is a very strong incentive for the hackers to be honest – as contradictory as that may sound – because if people realize that paying won’t bring their files back, no one will pay and the criminals won’t be able to make any money from their devious enterprise.
Also, past precedent has shown that the vast majority of ransomware operators do follow through and unlock your files.
How did WannaCry manage to do so much damage?
The key to success for WannaCry was that it exploited a vulnerability in the Microsoft Windows software that allowed it to infect computers automatically, without users having to do anything. This security hole – code name EternalBlue – was discovered by the US intelligence agency, the National Security Agency (NSA). The NSA used it to spread viruses of its own in order to spy on people and foreign governments. However, the NSA was itself a victim of a group of hackers who call themselves Shadow Brokers. They broke into NSA systems, stole the EternalBlue exploits and leaked them to the public in April.
This allowed the virus to quickly spread and infect many systems despite the security measures put in place.
How can you protect yourself and your business from future attacks?
It goes without saying that you should have an up-to-date anti-virus program on all your machines, and you must keep Windows updated as well.
Keeping Windows updated can be annoying but losing all your important files will be much worse.
For those who use Mac, you can download MacKeeper to protect your files from WannaCry.
Nowadays, however, viruses and other malicious software are very sophisticated and remain one step ahead of the anti-virus companies. Therefore, no matter how cautious you are, a security breach is almost inevitable.
In light of this, the best course of action you can take to protect yourself and your business is to put in place an effective backup protocol. All important data should be backed up at least once a week. These backups should be done to removable media like external hard disks and flash drives. It is important to note that you should never keep your backup drives connected to your computers. This is because, if you are infected, ransomware will encrypt files on your computer as well as on any other devices connected to it, including external disks, flash drives and even mobile phones. So you should keep your backup drives in a safe location, disconnected from any machine.
Another important thing to remember with backups is that you should regularly check the integrity of your backup media. Hard disks and flash drives often fail, and you wouldn’t want to expend effort keeping backups only to find that the drive is faulty when you need it most.
An additional option for backing up your data is a cloud storage service like Dropbox. Dropbox will back up your important files to the cloud and make them accessible to all your devices, including phone, tablet, and PC. Even though your files in Dropbox will also be encrypted if your Dropbox is connected at the time of infection, Dropbox has a feature that allows you to restore past versions of a file, so you will not need to pay anything to get them back.