On Friday afternoon it became known that a ransomware attack was spreading like wildfire throughout unpatched Windows systems worldwide. The ransomware, known as WannaCrypt 2.0 (or WannaCry or Wannacrytor), is based on a hacking tool called ‘Eternal Blue’, which was leaked from the NSA around a month ago. The attack was initially thought to be targeted only at the UK’s National Health Service, but it is clear now that the attacks are global. So far, the ransomware has targeted computers in almost 100 countries. Kaspersky Labs has estimated that over 100,000 computers have been affected to date.
The largest number of attacks has occurred in Russia, and the attack has affected Spain’s Telefonica, the Russian Interior Ministry, the UK National Health Service, and the American FedEx. Many university and academic networks around the world also report that they have been targeted. In the UK, over 40 hospitals and health providers have been affected. These hospitals’ systems are crippled, and they are therefore turning away patients, postponing surgeries and other procedures, and rerouting ambulances.
The ransomware spread through cleverly crafted phishing emails and with the NSA’s Eternal Blue hacking tool. The first part of the attack involves infecting the computer and propagating the attack. The second part of the attack locks the victim’s computer and holds it for ransom. Victims find their computers or devices locked, and a ransom of $300 is demanded in order to free the victim’s device and private data.
A researcher going by the name of Malwaretech was able to suspend the spread of the infection by registering a domain name that temporarily froze the ransomware, which helped to slow the attack in the United States.
To defend yourself against the WannaCrypt attack, the only action to take at the moment is to prevent infection. You should have strong antivirus software installed on your device, and you should run manual checks of your device more frequently than usual. Also install any system updates, so that your device’s security is as up to date as possible. Don’t open any suspicious emails, and if you are unsure about the source of an email, deleting it is the safest course of action. Create backups of your valuable information and data, so that if you are infected, you will not need to “buy back” your files.