The NHS and a variety of companies and organisations have been infected by the rapidly spreading WannaCry / WCry worm, which is a type of ransomware.
How this happened
The National Security Agency (NSA) in the USA had found a number of software vulnerabilities in Windows and kept them secret, including from Microsoft, for its own purposes. In short, they let the NSA control a computer remotely whenever it wanted, and this was great as no-one else knew about the vulnerabilities.
Then someone leaked these vulnerabilities and Microsoft rapidly created an update to patch them. But at the same time others used this information to remotely control computers that hadn’t been patched – and then it got into big networks like the supposedly secure N3 Network which the NHS use.
What is Ransomware?
In short, it is software which holds you to ransom by locking you out of your files. It encrypts them so you need a special password to open them, sends the key to the attackers, and realistically the only way you can get those files back is to pay the ransom. However, after you pay it is unlikely you will get the key, as payment is anonymous.
Instead of just asking you for money via card, bank transfer or PayPal, the criminals use Bitcoin, which can be completely anonymous. That is, you don’t know who is receiving the payment. While Bitcoin is beyond the scope of this post, you can see that payments have been made but no government can find out who received them.
Dangerous “Worm” not a viral attachment
There seems to be significant awareness that you should not open attachments on suspicious emails or click suspicious-looking links, but this software ‘worms’ its way through networks. That is, if one computer gets infected, the software will automatically look on the network for other computers it can infect directly.
Are you at risk?
If you run Windows 7, 8 or 10 and haven’t done an update in a while, then yes, you are at risk. If you are on Windows XP, then you are at risk from this and several other things and can’t be protected, as Microsoft no longer supports Windows XP for consumers.
Please stop reading this article and run Windows Update. While we’d normally suggest you can be choosy with Windows Updates, in this case it’s best to accept everything and set updates to be on automatic.
A few tips:
- Windows Update can be found in Control Panel under Start > Control Panel (or search)
- On Windows 10 just type ‘Windows Update’ into the search box to find it
- “Creators Update” is the name for the newest version of Windows 10 (get it)
- Check when your computer is planning automatic updates; often it’s an odd time of day like 3am, when your computer might be off and hence won’t update
What about my Antivirus software and Firewall?
They may help, but are unlikely to be sufficiently up to date for this rapidly changing attack. Certainly keep them up to date, but do not rely on them alone. Please update Windows too, and ensure you have a backup (see below).
Smug on a Mac?
Remember this was code from the NSA, reputedly the most powerful spying organisation in the world. Several vulnerabilities were leaked, which will include ones for Macs and similar Unix-based systems. It would be safe to assume Macs are next on the list; Windows was just first, as there are more Windows users than Mac users, so they’d make more money.
Planning (yes, we mean backups)
Few people can afford to lose all the data on their computer, let alone the time to set up a new one with the programs the way they like them. Remember that if your computer is locked it will mean losing:
- Your documents/work
- Possibly email access
There are two simple ways to save most of this:
- Back up crucial documents (say some spreadsheets, your work) onto a USB stick, maybe once a week. Do not leave it plugged into your computer, or it could also get infected.
- Back up everything else to an external hard drive and disconnect it
The key here is being disconnected. If your computer gets infected with ransomware and the files are encrypted, then there’s a good chance anything else that’s connected to it and stores files (backup drive, USB key) will also be encrypted, which makes the backup pointless.
Cloud backup services like Dropbox, OneDrive or other online storage are not a protection (unless they keep a separate additional backup) because they are also connected to your computer and can also be encrypted (they won’t be able to fix it) – you need a physical backup.