WannaCry, a particularly virulent ransomware recently swept the globe, holding hundreds of computers hostage. The damage was quite large as it affected individuals in the private sector as well as companies. Even government offices and phone companies’ operations were disrupted. The ransomware also affected hospitals in England, putting patients’ lives at risk.
What is WannaCry?
WannaCry, known in some corners as WannaCrypt, works similarly with other ransomware. Once it infects a computer, it locks out the user, preventing access to his drive files. These files will then be held hostage until the owner of the device pays the ransom fee. In the case of WannaCry, the fee that hackers demand is often $300 worth of bitcoins.
The ransomware gains access by exploiting computers running on Microsoft OS and haven’t been updated with the latest security patches. It seems that the OS vulnerability was detected by the National Security Agency earlier on. It is alleged that the NSA did not disclose this important information as they were intending to take advantage of it for surveillance purposes. Unfortunately, hackers then got hold of the information, which gave birth to one of the most widespread ransomware attacks in recent history.
Computers from Russia, China, the US, and the UK are just a few of the affected systems. According to reports, over 200,000 computers in more than 150 countries have been affected so far. And the ransomware continues to spread across the globe, leaving crippled businesses in its wake.
WannaCry Shut Down UK Hospitals
The malware crippled IT systems and telephone lines in various NHS (National Health Service) hospitals in the UK. Just after a few hours of the massive cyber attack, the East and North Hertfordshire NHS published a message for their customers on their website. They informed that they were “currently experiencing significant problems with our IT and telephone network.”
Needless to say, this caused quite a commotion and endangered some patients’ wellbeing. The NHS released a statement that the infection was caused by a variant of the WannaCry ransomware, which was called the Wanna Decryptor.
The ransomware threatened, “Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.”
Because computers in the NHS hospitals had to be shut down, people were told to avoid visiting hospitals unless they really have an emergency. The Department of Health, NHS England, and the National Cyber Security Centre of the UK also had to work double time to provide support to affected hospitals.
A Security Researcher Accidentally Came to the Rescue
WannaCry’s spread was temporarily halted by what many people online are describing as an “accidental hero”.
British Marcus Hutchins, who works as a cybersecurity researcher, was reported to be the one who stopped the malware in its tracks. He noticed that the malware program was querying an unregistered domain, most likely so hackers can track its progress. Hutchins decided to register the domain, which stopped the virus from further spreading.
He did all these while in a small room in his parents’ house located on the north Devon coast. Apparently, he has an in-home and self-assembled IT hub and analysis environment. With his own computers and servers, he managed to reverse engineer the ransomware’s code and found the unregistered domain. Registering that domain was a genius move on his part.
WannaCry Mutates and Gets Rid of the Kill Switch
While Hutchins’ lucky-break solution was certainly very helpful, recent reports state that various versions of the WannaCry ransomware have mutated. Hackers were quick to update the virulent program, getting rid of its vulnerability.
According to Heimdal Security researchers, the new variant is called Uiwix and it is potentially more damaging. This takes advantage of the same Windows OS weakness that WannaCry did. Researchers anticipate that this is just one of the first mutations out there and there are bound to be more.
Be Aware and Boost Your Computer’s Defenses
As of now, the WannaCry ransomware continues to travel from one computer to another across the world. Its widespread disruption should not be taken for granted. Everyone who is using an older Windows OS version is highly advised to upgrade their systems with the most recent security patches.
Please read our guide as well on how to protect yourself from WannaCry and what to do in case your device is infected.