Mopping Up After the WannaCry Outbreak

The worldwide ransomware attack that exploded across the internet on May 12 affected both individual users and large agencies. Here's how it happened, and what to do to keep your system safe.

Does anyone wonder why cybersecurity is still the hottest domain in IT? Only about 10 days ago, the “WannaCry” virus infected thousands of computers around the globe, locking up their data and demanding a ransom. While the virus in the United States was limited and contained fairly quickly, it ran amok across Europe and Asia, causing especially serious damage to the National Health System in the United Kingdom, which uses outdated Windows products and failed to provide essential cybersecurity training to their employees.


Fortunately, things came to a quick end when an enterprising 22-year-old British computer expert found a so-called “kill switch.” Unfortunately, new variants of the virus, without the kill switch, are already on the internet.


Following are six important facts about WannaCry, as well as some tips that could help to prevent a reoccurrence down the road.


200,000 computer systems in 150 countries infected in one weekend.


In less than three days, WannaCry — also known as WCry, WannaCrypt and WanaDecryptor — zipped around the globe. The virus was designed to perform globally, with ransom messages appearing in dozens of different languages. Ransom demands popped up everywhere from movie screens in South Korea to railway schedules in Germany.


Ultimately, no one is certain of the extent of the damage, because a large number of the infected systems were located in China. One estimate put the number of affected companies, hospitals, government agencies, railway stations, malls, and universities in China at almost 30,000. At one point 20,000 gas stations went offline.


WannaCry is ransomware.


The goal of WannaCry is to extort money from victims by encrypting their data. The ransom is typically paid with an untraceable digital “crypto-currency” like Bitcoin. Once payment is received, the hackers provide a code so the victim can unlock their data.


Ransomware attacks are becoming increasingly common. The practice is so successful that unethical people can buy ready-made virus packages on the dark web for a pittance. Just like on eBay and Amazon, satisfied customers are even leaving positive reviews on the products. Security experts estimate that there are more than 100 different strains of ransomware currently active on the internet, with an infection rate that is growing at 36 percent per year.


Victims typically pay the ransom.


More than 200 of WannaCry’s victims who quickly paid got their data back. Cybersecurity experts advise against doing so, however, cautioning that, in general, only about two-thirds of victims get their data back after paying the ransom. They also fear that paying the ransom will encourage future bad behavior. Unfortunately, for most victims it’s not a straightforward decision. Faced with the practicability and necessity of getting their data back, most willingly pay up.


Even Microsoft, in their ransomware Frequently Asked Questions (FAQ) document, refuses to give a firm answer on paying the ransom or not. Their response is that “there is no one-size-fits-all response when victimized by ransomware.”


There’s been lots of finger pointing.


Microsoft blames the NSA and other intelligence services for not sharing information on “exploits stolen from the National Security Agency, or NSA, in the United States.” In a blog post, Brad Smith, Microsoft’s chief legal officer and president, said that the attack was an “example of why the stockpiling of vulnerabilities by governments is such a problem.”


Even Russian President Vladimir Putin got his kicks in by blaming U.S. government officials. Citing Smith’s letter, he said, “Microsoft said it directly: The initial source of this virus is the U.S.’s security agencies. Russia’s got absolutely nothing to do with it.”


Others blame Microsoft for poor product design, and for abandoning users who run older versions of the Windows OS. WannaCry exploited a bug in the networking protocol of the still widely-installed and used XP version of Windows. Unfortunately, the company officially stopped supporting Windows XP in 2014 and no longer provides patches to the general public. Customers complain that Microsoft should have at least alerted them to the need for a security patch.


Eventually, as the extent of the virus became evident, Microsoft did provide an emergency security update for Windows XP, Windows 8, and Windows Server 2003 users on Friday. Unfortunately, more than 1 million computers around the world are said to remain vulnerable.