WannaCry, the latest cyber-attack to make its way into the mainstream news hit the internet right before Mother’s Day 2017. Reports came in from Europe that some computers connected to the Internet started to be taken over by a nasty ransomware  application that encrypted the contents of the computer’s hard drive. The application demanded that the user send $300 in bitcoin within three days to get their data back. The demand doubled to $600 after three days and claimed that, if the user waited more than seven days, decryption would not be possible.
Several large companies including Telefónica, Renault and FedEx announced they had been hit with the attack and had lost access to important data.
What does WannaCry do and how does it do it?
Like most ransomware attacks, WannaCry makes its way onto a susceptible computer and encrypts the contents of the hard drive using a strong encryption algorithm. Once the data is encrypted, the application informs the user that their data has been encrypted and that they will have to pay in order to get back access to their data. The hackers demand payment in bitcoin which is an untraceable form of currency.
WannaCry attacks computers by exploiting a loophole in older versions of Microsoft’s Windows operating system. WannaCry uses infected computers around the Internet to spread the ransomware to other computers. Due to the scale of this attack, Microsoft has taken the unusual step of issuing a public patch for older operating systems (Windows XP, 8 and Windows Server 2003) that can prevent infection. From examinations of WannaCry it looks to be using a piece of software, originally created by the US National Security Agency (NSA), called EternalBlue  which was originally designed to spy on computers over the Internet.
How to stop WannaCry? First, make sure your operating system is up to date with the most current operating system patches from Microsoft. If you are running an older operating system (like Windows XP) you should consider upgrading to the most current operating system (Windows 10.) Newer operating systems get patched quicker and more frequently. Next, make sure that you have your entire system backed-up AND that you are backing up on a regular basis. In the event that your computer is infected with and ransomware you can restore your system from the most recent backup prior to the infection but, if your most recent backup is old, you may lose lots of important data.
If you do need to restore from backup to get around a ransomware attack you’ll want to make sure you immediately update both your operating system and anti-virus application (and then backup your system now that it’s patched and updated.)
You may want to read our article on preventing ransomware and what to do for infected systems to learn more.