There’s a ton of technical information on WannaCrypt, but what I did not see is a layman’s overview of the global hack that stopped at least 250,000 computers globally from May 12th. With this post, I will attempt to explain what WannaCrypt is and how it works for the non-technical crowd.
Microsoft Windows, the most widely used computer operating system in the world, has a built-in feature that allows it to share files with other Windows computers. The techies call it SMB (Samba, Windows File sharing, etc.). This is commonly used to copy files around, particularly in offices and some home office environments. Nothing sinister here – that’s just how it works.
A flaw was discovered in the code of the Windows file sharing module that would allow anyone to inject their own code into the computer. The hackers got their hands on the flaw and started injecting this nasty code of theirs into the machines they found vulnerable, effectively infecting them. And then it started spreading…
The malware would try to find other computers that are also vulnerable, and infect those along the way. The infection was spreading rapidly, due to the high number of vulnerable Windows PCs that were online.
The infected machine would then encrypt all the files on the computer. This means that you won’t be able to open your files until you pay the ransom. Now imagine this – you’re a small business. You probably run your accounting system on something like MYOB, or you have a bunch of Excel files that you use to manage your operation. Suddenly you are unable to read any of those files, and your computer is effectively held to ransom. Now imagine this happened in a hospital, where people are waiting to be treated, about to go in for an operation, and suddenly everything stops. Real lives are now at stake. This is not just a little computer virus anymore, this is serious.
While it all sounds like doom and gloom, I do want to share some tips.
- If your machine gets infected, and you see the ransom message, do not pay it! You have no guarantee that they’ll release your files, and by paying the hackers, you are saying that you’re an easy target, and they’ll come back for you, but mostly, by paying the ransom you are making the ransom game a profitable industry. Do not give a criminal money.
- If you have a very old computer (running Windows 2000, or Windows XP, or even older than that), you should seriously consider upgrading. Windows XP went out of support a number of years ago. Fortunately Microsoft did provide a patch for XP this time around, but the chances of another piece of malware like this hitting your XP machine are high.
- Make sure you run the patch updates regularly. Microsoft released the patch in March, 2 months before the malware hit. Most of us should have some form of broadband at home. If your PC is not receiving updates, then ask your 6-year-old to help you, and turn that on. I know my dad turns his auto updates off because it consumes his bandwidth (which I understand is expensive in his country) – the risk of infection is then that much higher, and then it’s game over.
- Be cautious of emails with links and attachments. The bad guys can disguise emails to look real. Need more info? Check this YouTube video.
- Your last defence is to make regular backups. Always consider that you could lose the entire computer to theft or damage, and in that case, how would you be able to continue working? Copying your critical files to a USB or cloud storage solution is a good idea, but this is no good if you don’t regularly perform the backups. Invest in a cloud service like OneDrive or Dropbox where your files are continuously backed up.