Global Ransomware Epidemic

Making worldwide headlines, the WannaCry worm has wreaked havoc the world over since it was first detected on Friday May 12 2017. The WannaCry worm exploited a vulnerability in Microsoft Windows that had been utilized by the U.S. National Security Agency (NSA) for some time for hacking purposes. After finding out about the potential threat, Microsoft quickly mobilized a patch. Unfortunately many businesses and individuals were slow to adopt the update, and more than 300,000 computers worldwide have since become infected.

What is it?

WannaCry is a type of virus known as a worm. It spreads when an infected computer connects to a network, thereby propagating the infection to other computers on that network. After a computer becomes infected, the files on the system are scrambled, also known as 'encrypted'. A message is then displayed on the screen of the device demanding a payment of US$300 to US$600 to release the files. Computer owners are prompted to make the payment using an online currency known as Bitcoin which is not traceable, making the identities of the creators difficult to ascertain.

Who created the virus?

Very little is known about who created the virus; however several clues have been found that point to a particular geographic region. According to experts, 28 language variations of the virus have been observed. Of the 28, only 2 appear to have been written by a human; Chinese and English. The remaining 26 notes were translated by the Google Translate tool. According to the experts, the dialect used is consistent with inhabitants of Southern China, Hong Kong, Taiwan or Singapore. On August 3 reports claimed that the hackers had made a withdrawal of US$143,000 from their Bitcoin wallets.

What can I do to protect myself?

Most Windows-based computers with automatic updates will already have the patch applied, thus making them immune to the worm. However, if your computer has had updates switched off, or if your computer has not been run for some time, it may still be at risk. It is critical that you run the MS17-010 patch released by Microsoft (You can find links below).
MS17-010 for Windows 10
MS17-010 for Windows 8.1
MS17-010 for Windows 7
MS17-010 for Windows XP, Vista and 8.

What can be learned by this attack?

Several valuable lessons come from observing this type of attack. First and foremost is the importance of keeping your systems up to date. If all computers worldwide had all available Windows Updates installed, this attack would have been completely defeated before it even began. Secondly, running a regular data backup is critical to ensure that if things do go wrong your system can be restored back to working order with minimal impact. Many computer users who refused to pay the ransom for their files simply lost their data due to poor backup procedure.


Are you concerned that your system may not be protected? Is your computer infected with malware or a virus? Contact Us for assistance!