Over the past few days, you might have heard about the world-wide cyber-attacks on hundreds of thousands of computers in 150 countries. The name of the ransomware responsible for this particular attack is WannaCry. Ransomware is a vicious malware that attacks a device, encrypts the information on the device and ultimately locks out the user until an amount (ransom) has been paid.
HOW DOES IT OPERATE?
WannaCry is caused by a piece of software that replicates itself. This software takes advantage of weaknesses in the earlier versions of Microsoft’s windows. Upon infection, WannaCry encrypts all the information (videos, pictures, documents etc.) on a computer.
The malware then spreads from device to device as it finds vulnerable targets. The hacker demands $300USD as ransom for the encrypted files, the amount increases after two hours.
The security flaws were first brought to light by a group known as TheShadowBrokers several weeks ago. Shortly after that disclosure, Microsoft announced it had already issued software updates (patches) for those holes.
The spread of the attack was temporarily halted Friday night when a UK cyber security researcher inadvertently activated a “kill switch” in the malware’s code, said a Guardian report. That gave US firms additional time to patch their systems to avoid infection, but the researcher said his fix would eventually be sidestepped by the hackers, and it didn’t help networks already hit by the ransom-ware.
You can follow the live update of the cyber-attack on this malware tracking site.
Ransomware is not new, but the difference with the WannaCry malware is the scale of the attack. “This is really the biggest cyber shakedown in history,” said Roger Cheng, executive editor at CNET News.
HOW TO AVOID THIS ATTACK.