Security experts are bracing for more fallout from Friday's worldwide WannaCry ransomware attack, which has so far affected more than 150 countries and major businesses and organizations, including FedEx, Renault and Britain's National Health Service. But if you're just hearing about this attack — or waking up to an unresponsive computer of your own — here's what you need to understand about what law enforcement officials have called the biggest such attack in history.
Ransomware is a kind of malicious software that, as its name implies, takes a computer hostage and holds it for ransom. In this case, the attackers are asking for at least $300 in bitcoins for each computer affected by the attack.
With ransomware attacks, the malware locks down a target machine, encrypting its data and preventing the owner from accessing it until he or she agrees to pay up.
How many people have been affected by the current strain, WannaCry?
Over the weekend, Europol officials said that some 200,000 computers have been hit by the malware. But that number has almost certainly risen as people in Asia — who had logged off for the workweek before WannaCry began spreading — have returned to work. On Monday, the Japanese electronics maker Hitachi, a prominent Korean theater chain and the Chinese government said their systems had been affected. Chinese state media reported that 40,000 businesses and institutions have been hit, according to NPR, including universities, gas stations and city services.
And that's just a measure of the electronic consequences of WannaCry. The software attack has taken a toll on many people in the real world. Health care providers in Britain's NHS, for example, were forced to turn ambulances away and cancel or delay cancer treatments for patients over the weekend, though officials say 80 percent of the NHS's systems were unaffected and that the disruption is easing.
Are victims paying the ransom?
Some are. The news site Quartz has set up a Twitter bot to track the bitcoin wallets linked to the attack, which are growing fatter by the minute.
The three bitcoin wallets tied to #WannaCry ransomware have received 194 payments totaling 31.38971127 BTC ($53,453.58 USD).— actual ransom (@actual_ransom) May 15, 2017
Businesses and organizations seem to have been hit pretty hard, particularly overseas. Why?
It's largely a question of resources and attention. Security experts say the attack could have been prevented if many businesses had simply kept their machines up to date with the latest software. In reality, doing that may be more difficult than it sounds, either because of corporate cultures that don't prioritize security or because of a lack of funding to upgrade to the latest and greatest.
That raises questions about inequality in technology, said Stewart Baker, a former general counsel at the National Security Agency. Many people, he said, run pirated versions of Microsoft operating systems because they feel they cannot afford the real thing. Those people “are at risk — they're probably not getting updates,” he said.
Other organizations, he said, may have stuck with legacy software because it worked and paying to upgrade to new versions of Windows didn't seem necessary.
But after the highly public spread of WannaCry, companies around the globe no longer have an excuse to forgo system updates, said one former Obama administration official.
“It’s no longer a cost of doing business,” said R. David Edelman, who advised President Barack Obama on technology. “It’s going to be a cost of staying in business.”
I've been hit by WannaCry. Should I pay?
Some of those who have paid the WannaCry ransom have regained control of their computers, security researchers say. Still, many are urging consumers not to pay the ransom if they can avoid it because giving in simply encourages attackers to pump out more ransomware, and victims may not get their data back even if they do pay.
Analysts have noticed an uptick of ransomware attacks in recent years, with most predicting an even bigger increase in 2017.
The #WannaCry ransomtrojan is just the latest in a long list of similar trojans. Our ransomtrojan map 2010-2017. pic.twitter.com/IbG0BWhvE9— @mikko (@mikko) May 15, 2017
What if I don't have the luxury of fighting the ransomware?
The bad news is, you might be stuck with paying or wiping your machine and starting over from a clean install. But the next best thing you can do is help reduce the odds of being hit next time. We'll get to some tips in a minute.
Who's being targeted? Am I safe?
The WannaCry ransomware targets Windows computers, particularly those running Windows XP, an aging operating system that Microsoft largely stopped supporting in 2014. If you're running the most recent version of Windows, or XP with the appropriate security patches, you should be okay (though you should really stop using XP right away).
What about Apple and Android devices?
Apple computers appear not to be affected by WannaCry, but that does not mean that Macs or iPhones are immune to malware in general. As Apple has gained more marketshare, its products have become a much bigger target for attackers. And Android phones are notoriously susceptible to malware, in part because many Android phones run outdated versions of the system and it's incumbent on cellphone carriers to push updates. If you prefer using Android, consider switching to one of Google's proprietary handsets, such as the Pixel, which tend to receive Google's software patches as soon as they're released, experts say.
Who's behind the WannaCry attack?
It's unclear who the attackers are, but we do somewhat know about the origins of the ransomware. The vulnerability in Windows that WannaCry takes advantage of was discovered by the NSA for its surveillance toolkit. But word got out when a hacker group known as the Shadow Brokers dumped a bunch of leaked NSA information onto the Internet in April. Microsoft, however, had already issued a software update the month before; those that downloaded and installed the patch were protected from WannaCry, but many others lagged behind and became victims.
Microsoft is now warning that the government practice of “stockpiling” software vulnerabilities so that they can be used as weapons is a misguided tactic that weakens security for everybody.
“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” the company said Sunday.
How can I protect myself?
Bottom line: Make sure your device's software is up to date. Software updates often contain lots of patches that fix bugs and close security loopholes; regularly using Windows Update or the Software Update feature on a Mac will help insulate you from problems. But you can also set your devices to install those updates automatically so you don't even have to think about it. Hackers prey on complacency.
In addition, you can:
- Create backups of your most important files, either by downloading them to an external hard drive or by storing them in a cloud-based storage service.
- Use a password manager to create and keep track of unique, hard-to-remember (and thus hard-to-break) passwords for each of your services. It's a little counterintuitive, but experts say it's much more secure than the alternative, which is reusing the same password across multiple websites.
- Check your medical and credit reports for evidence of fraudulent activity.
- At work, check with your IT administrator to make sure your organization's devices are protected from WannaCry.
- Remember to treat unexpected emails with caution, and read up on phishing — one of the most common types of social engineering attacks used by attackers to compromise machines.
“Ransomware is following the same trajectory as phishing,” said Phillip Hallam-Baker, an expert at the digital security firm Comodo. “The criminals have worked out how to monetize the crime, and they know which types of businesses are likely to pay up — and how to collect the money without being caught.”