On Friday, a worldwide “ransomware” attack, called “WannaCry,” was deployed by a party presently unknown. Ransomware is a kind of malicious software that, as its name implies, takes a computer hostage and holds it for ransom. The malware enters a computer system through an email attachment or someone visiting a website. From there, it can spread to other computers on that same network. Hackers typically demand about $300 in payment via bitcoin, an untraceable digital currency. If that ransom isn't paid in 72 hours, the price could double. After a few days, the files are permanently locked. Hackers could stand to make more than $1 billion if the ransoms are all paid. This attack further reinforces the inherent risks of our overreliance on computerized systems and the challenges we face in securing those systems.
As of Sunday, more than 200,000 devices in at least 150 countries have been affected, making this the largest cyberextortion scheme ever. So far, the main targets of the attack have been outside the United States, but neither the federal government nor American corporations assume this will continue to be the case. The hackers have generally targeted hospitals, academic institutions, blue-chip companies and businesses like movie theater chains.
The speed and reach of WannaCry, as well as its ability to evolve, are yet more examples of the new age of cyberterrorism we live in. The first wave of attacks was stanched when an anonymous 22-year-old British expert inadvertently found a kill switch that slowed the spread of WannaCry. Variations of the malware have already been seen in the wild, but they have lacked the capacity to spread themselves, which has vastly limited their reach. But WannaCry could continue to expand its range indefinitely because it exploits a vulnerability that has persisted unpatched on many systems. This attack did not target Windows 10 systems, but the vulnerability is present in all versions of Windows prior to that, dating back to Windows XP.
Going forward, more resources will be allocated to data backups and more attention will be given to updating to the latest security patches. The gradual move to cloud-based storage platforms should improve recoverability from ransomware attacks.
Phishing attacks with malicious attachments are the main way the malware ends up on corporate networks, meaning that users should be wary of opening such attachments if they seem unusual.
How do you spot a fishy email?
1. Look carefully at the email address of the sender to see if it is coming from a legitimate address.
2. Look for obvious typos and grammatical errors in the body.
3. Hover over hyperlinks (without clicking on them) inside emails to see whether they direct you to suspicious web pages.
4. If an email appears to have come from your bank, credit card company or internet service provider, keep in mind that they will never ask for sensitive information like your password or social security number.
5. Ransomware developers often use pop-up windows that advertise software products that remove malware. Do not click on anything inside these pop-ups; close the windows safely instead.
6. Phishing attempts may try to trick you with scare tactics or demands for immediate action, so validate the source before you take any action.
7. Do not open attachments that you are not expecting.
8. Pay close attention to the sender, because the message may appear to come from someone you know but use a slightly altered e-mail address that is easy to overlook.
9. If you do not recognize the other people in the “to” line or are being cc’d on a strange email, that should be a red flag.
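The sender checks (items 1 and 8) and the hyperlink check (item 3) can also be scripted for mail that has been saved to a file. The Python sketch below is an added example, not part of the original article; the trusted-domain list, the 0.85 similarity threshold and the sample message are assumptions, and it only handles a message with a single HTML body.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"mybank.example"}  # assumption: domains you actually deal with

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def host(value):  # hostname of a URL or bare domain, without a leading www.
    name = urlparse(value if "//" in value else "//" + value).hostname or ""
    return name.removeprefix("www.")

def check_email(raw):
    """Return findings for checklist items 1/8 (sender) and 3 (links)."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for good in TRUSTED:  # a near miss of a trusted domain = altered address
        ratio = difflib.SequenceMatcher(None, sender, good).ratio()
        if sender != good and ratio >= 0.85:
            findings.append(f"sender domain {sender} imitates {good}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:  # the scripted version of "hovering"
        shown, target = host(text), host(href)
        if "." in shown and " " not in shown and shown != target:
            findings.append(f"link shows {shown} but goes to {target}")
    return findings

SAMPLE = ('From: "My Bank" <alerts@rnybank.example>\nContent-Type: text/html\n\n'
          '<a href="http://login.portal-verify.example/verify">www.mybank.example</a>')  # constructed sample

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

A clean result only means these two checks passed; the remaining items on the list still need a human reader.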
If already infected—
1. Disconnect your computer from the internet so it does not infect other machines.
2. Report the crime to law enforcement and seek help from a tech professional to find out what your options for data recovery might be.