15.05.2017

What is 'WanaCrypt0r 2.0' ransomware and why is it attacking global computers?

A ransomware attack has struck computers of companies, state insititions and individuals worldwide. The Guardian stated that about 50,000 hacking cases have been reported in at least 99 countries, including Great Britain, Russia, Spain, Ukraine and Taiwan.

Yet, this may not be the main attack, with the brunt of it still to come, says the Wall Street Journal. The virus may still be waiting to strike when people get back to work on Monday, 15 May.

How does it work?

When a computer is infected, the ransomware typically contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – and threatens to destroy the information if it doesn’t get paid, often with a timer attached to ramp up the pressure.

How does it spread?

Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.

How much are they asking for?

WanaCrypt0r 2.0 is asking for $300 worth of the cryptocurrency Bitcoin to unlock the contents of the infected computers. But there’s no guarantee paying will work, because cybercriminals aren’t exactly the most trustworthy group of people.

Was there any defence?

Yes. Shortly before the Shadow Brokers released their files, Microsoft issued a patch for affected versions of Windows, ensuring that the vulnerability couldn’t be used to spread malware between fully updated versions of its operating system. But for many reasons, from a lack of resources to a desire to fully test new updates before pushing them out more widely, organisations are often slow to install such security updates on a wider scale.

Latest news

Opinion

Follow @JAMnewsCaucasus