Unless you live off the grid, you have probably heard the news about the recent ransomware attack that shook up the digital world, almost unheeded. It’s still going around as we speak, infecting computers across the globe. It’s called “WannaCry” – an aptly named ransomware attack that shuts down networks and makes you lose all your data.
What is Ransomware?
The term ransomware refers to malicious software that, once it reaches a suitable host machine, encrypts all the files on your disk, keeping you from being able to see, read or use any of the data. It can be written to propagate itself from one computer to another (using various methods, including your network and shared thumb drives). The only way to decipher what were once your documents and photos is with the decryption key and/or algorithm.
Unfortunately, the only way you can get your hands on that key is to pay off the hackers. Then again, you should know that even after you have paid them the requested sum, there is no guarantee they will help you decrypt everything.
What is WannaCry?
One of the only things known for sure is that this bit of ransomware is a pretty nasty one. It first appeared on May 12, 2017 and, once it got going, it spread fast, hitting over 120 different countries. It encrypts 176 types of files and attaches a “.WCRY” extension. Once infected, users were asked to pay $300 in bitcoins to retrieve their data. A warning suggested that if the payment wasn’t made within three days, the price would automatically double. After a week, the attackers claimed, all files would be deleted.
While almost every well-known person in the security world advises against paying the hackers, they also say that, at present, there is no way of decrypting the files. The only way you can restore your lost content is if you have a backup.
The attack was halted in large part thanks to the software’s poor design. A British security researcher registered the seemingly random domain used by the attacker to analyse spread data, and that stopped the virus from spreading much further: the domain turned out to be a sort of self-imposed kill switch. Unfortunately, new versions of the software began cropping up that weren’t vulnerable to this fix.
What should I do?
The simplest thing to do is to always keep a backup of all your important files. Beyond that:
- Make sure all your Windows computers and servers are updated and patched.
- Take regular backups of all your critical documents and data.
- Keep the backups far away from, and disconnected from, your computers or laptops so they don’t get infected as well.
- Update all your software to the latest versions, including applications, browsers and security software.
- Go through your IT security policy to make sure it is up to date and train your staff regularly on company-wide security updates.
These steps go a long way toward preventing potential attacks from affecting your system. Common sense should keep you safe if you follow your administrators’ and security techs’ advice and stick to your IT policy.
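A backup only helps if it is recent and was not itself reachable by the ransomware. The Python script below is an added example, not part of the original article: it walks a backup folder, flags any file carrying the “.WCRY” extension mentioned above, and reports how old the newest clean file is. The function names, the seven-day threshold and the sample files are assumptions made for illustration.

```python
import os
import tempfile
import time

ENCRYPTED_EXT = ".wcry"  # extension the article says WannaCry attaches to files

def audit_backup(root, max_age_days=7, now=None):
    """Walk a backup tree; flag encrypted files and measure the newest clean file's age."""
    now = time.time() if now is None else now
    newest, encrypted = 0.0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(os.path.relpath(path, root))
                continue  # an encrypted copy is not a usable backup
            newest = max(newest, os.path.getmtime(path))
    age_days = (now - newest) / 86400 if newest else None
    # STALE also covers a tree with no clean files at all
    stale = age_days is None or age_days > max_age_days
    verdict = "CONTAMINATED" if encrypted else "STALE" if stale else "OK"
    return {"encrypted": sorted(encrypted), "age_days": age_days, "verdict": verdict}

def build_sample(root, names, age_days, now):
    """Constructed sample data: small files with a chosen modification time."""
    for name in names:
        path = os.path.join(root, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (now - age_days * 86400,) * 2)

def demo():
    """Audit three constructed trees: healthy, contaminated and stale."""
    now, results = time.time(), {}
    trees = {"good": (["docs/report.docx", "photos/a.jpg"], 1),
             "bad": (["docs/report.docx.WCRY", "photos/a.jpg"], 1),
             "old": (["docs/report.docx"], 30)}
    with tempfile.TemporaryDirectory() as tmp:
        for label, (names, age) in trees.items():
            root = os.path.join(tmp, label)
            build_sample(root, names, age, now)
            results[label] = audit_backup(root, now=now)
    return results

if __name__ == "__main__":
    for label, report in demo().items():
        print(label, report["verdict"], report["encrypted"])
```

A clean result only means that no file in the backup carries this particular extension; other ransomware uses other extensions, so test restoring a few files as well.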
But what if I’ve already been attacked?
If you’re a victim of WannaCry or any other ransomware attack, the first thing you need to do is cross your fingers.
Your chances of defeating the attack are much greater if you haven’t rebooted your computer since it was infected. According to French researcher Benjamin Delpy, you can use the WanaKiwi software to decrypt your files.
If you have already rebooted your computer, then you’re truly out of luck. The only option you have is to delve into your backups and hope the files you need have been backed up.
How long is this going to last?
Despite the help of tech gurus in stopping the spread of this attack, it isn’t all over. Whoever has the source code for this ransomware can always change the domain name and re-launch. We might not be so lucky next time if they decide to hide or encrypt the domain name.
In the meantime, upgrade and back everything up. Stay safe!