What does WannaCry do?
WannaCry locks users from their computers or data and demands ransoms of between $300 and $600 to restore access.
The malicious software specifically exploits a security flaw in Windows XP, an older version of the Microsoft operating system. Once a computer is infected, its files are encrypted and it spreads to other computers.
Who has been affected?
Since it was discovered on Friday afternoon, the attack has spread to impact over 10,000 organization and 200,000 people across 150 countries.
On Friday the attack hit the UK’s National Health Service, causing disruptions and delays in services. The same day Renault, the French automaker, shut down several of its factories as a result of the ransomware. Since then the virus has spread to China, where there have been 29,000 infections. Telecoms and gas companies in Spain have been hit, along with the U.S. delivery company FedEx, and the Russian interior ministry.
What can you do to prevent the attack?
Authorities in the UK and the US have advised people and businesses using Windows to get the latest software updates and to make sure any anti-virus products are up to date, and to scan computers for malicious programmes.
It’s also advisable to backup any important or valuable data, just in case it does get held for ransom.
People affected by the attack have been advised to refuse to pay the ransom to get their data back.
“These people are criminals, and paying money to a criminal is never a good idea. However, if it’s a trade-off between losing your lifetime’s family photos and making a payment to a criminal, then it’s up to the individual to make that judgment call,” Associate Professor Mark Gregory, leader of the network engineering research group at RMIT University, told The Guardian.
Security firm Check Point also pointed out in a blog post this weekend that there is no evidence of hackers giving back stolen data even after the ransom is paid.
What is the fallout?
It may be a long time before the perpetrators of the attack are caught so much of the focus has been on the apparent lack of cyber security at major organizations such as the NHS in the UK. Microsoft has also hit out at governments for apparently stockpiling computer vulnerabilities, as it is believed the tools needed to carry out the widespread attack were stolen from the National Security Agency in the US.
“Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” Microsoft’s president and chief legal officer Brad Smith wrote in a blog post.