WannaCry wins 2017’s prize for most ominously named ransomware, and it has seemingly lived up to its name.
A worldwide attack involving the ransomware swept through personal computers, companies and government institutions beginning on Friday 12 May. By Sunday, over 230 000 computers in more than 150 countries, including South Africa, were infected.
No ad to show here.
Straight out of an episode of Mr. Robot, WannaCry (Wcry, WannaCrypt, WanaCrypt0r 2.0, or Wanna Decryptor) is a malicious software package that infects computers running Microsoft Windows.
It’s spread using an exploit developed by the NSA called EternalBlue which was leaked by a hacker collective in April. While Microsoft did patch the exploit in March 2017, some didn’t patch in time. And a majority of these were running legacy Windows OSes like XP.
Once installed, WannaCry encrypts user files. The attackers then demand a ransom between US$300 and US$600 worth of bitcoins, threatening to delete files if payment isn’t received within a week.
The NHS was the first to feel the brunt of the attack, with 47 trusts across the UK affected on Friday. According to the BBC, seven remain with “serious issues”.
Other companies were also shut down entirely this weekend in the wake of WannaCry.
WannaCry is still quite active at the time of writing, but the infection rate has slowed somewhat.
Nevertheless, if you are running Windows, be sure to install any outstanding updates today.
Feature image: AVAST Software