Over the weekend, NHS systems in the United Kingdom and organisations across the globe were systematically and simultaneously attacked by a piece of ransomware known as WannaCrypt0r (aka WannaCry/WCry). Whilst the who, where or why is currently unknown, we do know the what and the how. To help protect yourself from this ransomware, please read the information below and follow the tips.
What is WannaCrypt0r?
WannaCrypt0r, or WannaCry, is a piece of malicious software known as ransomware. It works by encrypting (locking) files and folders on a computer or mobile device and demanding a ransom (normally in the online cryptocurrency Bitcoin) before the files are decrypted or unlocked. WCry is relatively old ransomware, and most people and organisations who regularly update their PC systems and anti-virus software will already be protected from infection. The attack was able to spread throughout entire organisations because it exploited a weakness in Windows operating systems.
How did this cyber attack affect so many people?
As mentioned above, the ransomware works by infecting a single PC. From there, it exploits a known weakness which allows it to spread automatically to other PCs on the same network.
It is extremely likely that the virus was initially spread by users clicking on links or attachments in an email, which then downloaded and installed the virus on to the network. Hackers often send out vast numbers of malicious emails, known as phishing emails, in the hope that someone will click on the link or attachment, the PC will become infected and the ransom will be paid – generating large amounts of money for the hackers.
How can I protect myself from ransomware?
There are a number of very simple steps that we can all take to protect ourselves and our organisations from these kinds of attacks.
- Keep your PC/laptop/mobile devices updated. Regularly updating software such as anti-virus software and operating systems can prevent the spread of computer viruses. If the system can’t be exploited, the virus cannot work. If you don’t have anti-virus software installed on your PC, laptop or mobile devices, install it today. There are a number of free and paid-for options available.
- Be wary of unsolicited emails. As previously mentioned, hackers will send out phishing emails, often under the guise of large, well known organisations. Previously, top things to look out for included poor grammar and spelling, unusual sender email addresses and links that do not appear to be from the genuine website – but criminals are becoming ever more sophisticated. These emails can look extremely legitimate and make reference to sites and services that recipients might regularly use. Criminals are increasingly collecting information from social media and reflecting it in their phishing emails. If you receive an email you suspect is a spam or phishing email, you should immediately mark it as spam and delete it. DO NOT click on any links or open any attachments.
- Don’t panic – if you have clicked on a link or opened an attachment and find yourself faced with a ransom demand, do not panic. Free tools exist to decrypt your files without the need to pay any ransom. No More Ransom is a website developed by Europol and other partners.
- Don’t pay any ransom. The hackers are under no obligation to decrypt your files, even if you pay the ransom demanded.
- Back it up. PC/laptop users should regularly and habitually back up files such as music, documents and pictures onto an external hard drive. This way, if you get infected you can have your computer reset without fear of losing your data. Don’t rely on online back-ups.
- Do not store personal or sensitive data such as credit/debit card details on your internet browsers or computers. This data is far more valuable to hackers than any ransom.
- Be wary of connecting to public Wi-Fi hotspots – these connections often aren’t secure, making it even easier for hackers to potentially gain access to your devices.
Is there any good news?
Yes – On Saturday (13th May) a UK Cyber Security researcher ‘accidentally’ halted the spread of infections after discovering a ‘kill switch’ embedded into the code of the ransomware.