WannaCry: How to protect yourself, what’s happened so far and what could happen next
A worldwide ransomware attack has been thwarted for now, but security experts are staying on guard in case new versions of the ‘WannaCry’ program emerge. Here’s what we know
- The global cyberattack that took computer files hostage over the weekend appeared to slow on Monday as authorities worked to catch the extortionists behind it and safeguard against new variants that might emerge.
- The Shadow Brokers hacker group, which took credit for leaking information about Windows’s vulnerabilities that made the ransomware attack possible, said Tuesday that it would soon release more information that could be used to break in to Windows 10 operating systems, phones and network routers.
- Researchers have found evidence they said could link North Korea with WannaCry. Symantec and Kaspersky Lab say that some code in an earlier version of the ransomware had also appeared in programs used by another group that several companies have identified as a North Korea-run hacking operation.
- Canada was largely spared from the first wave of WannaCry, and Bell Canada said Monday that the ransomware was unrelated to a recent security breach of its customer records. The telecom company apologized to customers after 1.9 million of its customer e-mail addresses were accessed illegally.
WannaCry is a kind of malicious software commonly called ransomware. Such programs encrypt an infected user’s files and display a message demanding a ransom, in money or Bitcoin, to release the files, threatening that failure to pay will leave the data mangled beyond repair.
Many types of ransomware are spread by the attacker luring users into downloading malicious files or opening attachments sent by e-mail. But in this case, the WannaCry ransomware is believed to have spread without these methods by using a security exploit in Windows systems called “EternalBlue,” stolen from the U.S. National Security Agency. Last week’s iteration of WannaCry paralyzed computers around the world running mostly older versions of Microsoft Windows. Security experts fear new variants of WannaCry could be unleashed.
Here’s how you can protect yourself, depending on the operating system you have.
- Windows Vista to Windows 10: Microsoft issued a patch for the EternalBlue vulnerability in March.
- Windows XP and Windows Server 2003: Microsoft didn’t issue a set of patches for some of its older, unsupported operating systems until May 12.
- Don’t open that attachment: To avoid infection from ransomware e-mails, be careful about clicking on links or attachments in e-mails, especially if the sender is someone you don’t know. Look carefully to see if the e-mail is worded suspiciously, or if it comes from an address that seems to be imitating a sender that you trust; malware senders sometimes try to fool you. And to make sure your important files are safe if you do get infected, back them up on a secure device. Here are some more pointers from Microsoft on how to avoid ransomware infection.
Who was affected by WannaCry?
Friday’s attack affected an estimated 300,000 machines in 150 countries. Targets included Britain’s hospital network, Germany’s national railway and government agencies around the world.
North America was spared the worst of the initial attack: On Tuesday, an official with the U.S. Department of Homeland Security told reporters that fewer than 10 U.S. organizations had reported to the agency that they were affected. There were also a few documented cases in Canada:
- At the University of Montreal, 120 of the school’s 8,300 computers were affected by WannaCry over the weekend. A spokesperson told The Globe on Tuesday that no other computer had been affected in the past 48 hours and that as far as the university knew, no ransom had been paid.
- Lakeridge Health hospital system in Oshawa, Ont., just east of Toronto, noticed the virus in its system on Friday, though a spokesman said the company’s anti-virus software immediately caught it, and that neither patient care nor medical records were affected.
A major data breach at telecom giant Bell Canada was not related to the WannaCry attack, the company said Monday after 1.9 million customer e-mail addresses were illegally accessed. “There is no indication that any financial, password or other sensitive personal information was accessed,” Bell said in a statement about the breach.
How this man stopped WannaCry, for now
The defeat of WannaCry is widely credited to a 22-year-old British computer expert, Marcus Hutchins, who works for Los Angeles-based Kryptos Logic. He’s the one who discovered a so-called kill switch that slowed the unprecedented outbreak on Friday.
In his first face-to-face interview, Mr. Hutchins told Associated Press Monday that he stumbled across the solution when he was analyzing a sample of the malicious code and noticed it was linked to an unregistered web address. He promptly registered the domain, something he regularly does to discover ways to track or stop cyber threats, and found that stopped the worm from spreading.
Salim Neino, CEO of Kryptos Logic, said Mr. Hutchins took over the kill switch on Friday afternoon European time, and that doing so protected the United States from the worst of the ransomware:
Marcus, with the program he runs at Kryptos Logic, not only saved the United States but also prevented further damage to the rest of the world. Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment. This is something that Marcus validated himself.
Mr. Neino said the company was not able to identify “patient zero,” the first system infected, which would give researchers more information about who was behind the attack. Nevertheless, he said the worm was “poorly designed” – patched together and a “sum of different parts” with an unsophisticated payment system.
Mr. Hutchins has long tweeted under the handle MalwareTech, which features a profile photo of a pouty-faced cat wearing enormous sunglasses. But he realizes his newfound fame will mean an end to the anonymity. After all, now he’s a computer celebrity; he’s been in touch with the FBI, as well as British national cyber-security officials.
It is likely to be a big adjustment. Mr. Hutchins lives with his family in the seaside town of Ilfracombe, where he works out of his bedroom on a sophisticated computer setup with three enormous screens. He will soon become a local hero – but if you ask him, his life of celebrity will be short lived. “I felt like I should agree to one interview,” he said. But even that made the fame-averse Mr. Hutchins so nervous that he initially misspelled his last name, leaving out the letter “n” when doing a sound-level for the cameras.
His mother Janet, a nurse, couldn’t be prouder – and was happy to have the veil of anonymity lifted:
I wanted to scream, but I couldn’t.
Mr. Hutchins told Associated Press that he doesn’t consider himself a hero but fights malware because “it’s the right thing to do”:
I’m definitely not a hero. I’m just someone doing my bit to stop botnets.