Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Home » Operating Systems »

What is WannaCry? What does WannaCry ransomware do?

Christina Mercer | May 17, 2017
WannaCry or Wanna Decryptor ransomware seems to have used a vulnerability in Microsoft's software

A ransomware attack called WannaCry that was first launched on 12 May and since spread around the world impacted a number of high-profile organisations globally, including NHS England in the UK.

Ransomware is a type of malicious software that will block access to your files unless you pay a ransom.

Some 47 NHS trusts fell victim to these ransomware attacks resulting in devastating consequences for some patients, as operations were cancelled and medical records held for ransom.

One theory suggested that 90 percent of NHS trusts across the UK were using Microsoft's 16-year-old OS Windows XP, which could leave them susceptible to attacks.

 

What is WannaCry ransomware?

WannaCry or Wanna Decryptor ransomware seems to have used a vulnerability in Microsoft's software.

An exploit discovered and built upon by the USA's National Security Agency called EternalBlue was leaked by a group called the Shadow Brokers earlier this year. It was patched by Microsoft at the time, but older versions of Windows or those without Windows Update were left open to attacks.

WannaCry uses EternalBlue, which takes advantage of a vulnerability in the SMB protocol, to worm its way through local networks and online.

The worm encrypts data on an infected system, and then tells the user that their files have been locked and displays information on how much is to be paid and when - up to roughly $600 in bitcoin.

WannaCry, like the majority of ransomware and malware will arrive under your radar, as an email attachment or as a download on your PC. It essentially relies on victims clicking on or downloading the attachment, which causes the program to run and infect your computer with ransomware.

 

What versions of Windows are affected?

According to Microsoft's blog, older versions of Windows that are no longer supported by Microsoft were vulnerable, which includes Windows 8 and Windows XP, which the majority of NHS Trusts were running.

For those running Windows 10 or Windows Vista, Windows 7 and Windows 8.1 systems, which has automatic updates turned on, you'll remain protected from WannaCry.

For a full description of ransomware and how it can be stopped, see here.

 

How should businesses respond to ransomware attacks?

Sadly, there isn't a simple formula for businesses to follow in regards to ransomware. But there are a few things that businesses can do to limit the damage it causes.

The biggest question is whether businesses should pay or not. In most cases, the sum of money demanded is relatively small so it might seem easier to just pay the money and if you have backups, just restore your systems with them.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.

FEATURED WHITE PAPERS

Leadership for the IT revolution

Who runs the workplace? Millennials

Taking a bi-modal approach to IT governance

VIDEO: Driving Digital Innovation with Cloud Integration

CIO finds storytelling challenging but crucial

Paying the WannaCry ransom will probably get you nothing. Here's why.

How to avoid becoming WannaCry’s next prey

MSIG’s new mobile app speeds up motor claims in Thailand

Acronis and Singapore’s Raxel Telematics help insurers reduce fraudulent claims with blockchain

APAC organisations report average revenue loss of US$250,000 to DDoS attacks

Win the battle for relevance in the Digital Economy...or face extinction: Stephen Brobst in Malaysia

WannaCry attacks: Former Malaysian hacker predicted healthcare target

Global ransomware attacks prompt national 'WannaCry' alert from CyberSecurity Malaysia

What eCommerce boosts will Malaysia receive from Alibaba's post DFTZ moves?

Digital Economy seen as lifeline by business leaders, Malaysia study reveals