Ransomware Outbreak

What has happened?

The most widespread and public malware outbreak for years has managed to infect a huge number of large organisations.

The culprit is malware called WannaCry - which encrypts a computer's files and demands a ransom payment before allowing access again.

It seems to have spread via a computer virus known as a worm.

Unlike many other malicious programs, this one has the ability to move around a network by itself. Most others rely on humans to spread, tricking them into clicking on an attachment harbouring the attack code.

By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too. This perhaps explains why its impact is so public - because large numbers of machines at each victim organisation are being compromised.

Who made the WannaCry worm?

Currently, we do not know. Ransomware has been a firm favourite of cyber-thieves for some time as it lets them profit quickly from an infection. They can cash out easily thanks to the use of the Bitcoin virtual currency, which is difficult to trace.

The competition among different ransomware gangs has led them to look for ever more effective ways of spreading their malicious code.

WannaCry seems to be built to exploit a bug found by the US National Security Agency. When details of the bug were leaked, many security researchers predicted it would lead to the creation of self-starting ransomware worms. It may, then, have only taken a couple of months for malicious hackers to make good on that prediction.

Why has the NHS been hit so hard?

There could be a lot of reasons. The most likely one is that it is a huge organisation supported by a massive IT infrastructure. It also has lots of partners and suppliers that connect to its core network.

Complexity is the enemy of security and it is a fair bet that some bits of that network, especially those operated by suppliers, are not as well maintained as they should be. This could mean that patches that would have thwarted WannaCry were not applied. So, as soon as the worm got in, it could run rampant.

Is my computer at risk?

It depends. The WannaCry virus only infects machines running Windows. If you do not update Windows and do not take care when opening and reading emails then you could be at risk.

You can protect yourself by running updates, using firewalls and anti-virus software and by being wary when reading emailed messages. It might also be worth taking a backup of key data so you can restore without having to pay up should you be infected.

Can these infections be stopped?

Not really. However, organisations can, and do, work hard to protect themselves. They set up firewalls, install anti-virus programs, apply file filters, run intrusion detection and regularly update software to keep malware and hackers out.

However, no protection can ever be 100% perfect. Why? Because organisations are run by people and they make mistakes. Recognising this, many cyber thieves now rely on tricking insiders into opening booby-trapped attachments or links in emails to start off an infection - a practice known as phishing.

And then there are the billions of login names and passwords stolen and shared by hackers over the last few years. Some cyber gangs now comb through these to find credentials from organisations they want to target. That lets them log in as if they were an employee and start their attack from the inside.

In this case, a patch to close the bug has been available since 14 March but many organisations have clearly failed to apply it in time.

