
The ransomware cyber-attack, what happened?

guide

Hi Everyone,

 

Today, I want to talk about what happened over the weekend, the ransomware cyber-attack. This took down not only a large number of NHS organisations, but also 200,000 machines in 150 countries since Friday.

 

 

Who has been affected?

 

  • 61 NHS organisations (UK)
  • FedEx (US)
  • Telecoms and gas companies (Spain)
  • Some Renault factories (France)
  • 1,000 of its computers (Russia’s interior ministry)
  • Nissan and Hitachi reported some units had been affected (Japan)
  • Three small-to-medium-sized businesses (Australia)
  • Small number of unconfirmed incidents (New Zealand)
  • PetroChina said that at some petrol stations customers had been unable to use its payment system (China)
  • and many more citizens and businesses around the world

 

This is a developing story, so these numbers may change and were correct as of 15/5/17 at 5:30 pm.

 

 

What has happened?

 

From what we understand, a piece of ransomware known as Wanna Decryptor or WannaCry has taken over machines by encrypting the data on their hard drives and requesting $300 (£230) payments to restore access to the user's files.

 

So far we don’t know how this software was distributed. However, the most likely way is by e-mail phishing. This is where an attacker will send you an email pretending to be from a trusted source, maybe a bank or a well-known website. If you click on a link in that email it will download the software to your computer without your knowledge. 

 

 

What should I do to protect myself?

 

First things first: always have a back-up of your data, whether by using software which backs up your data or simply by copying your data to external hard drives and pen drives regularly. You should also make sure you have installed all the security patches from your operating system's provider. For Windows, this is called Windows Update, and for Mac, these will come via the Mac App Store (so far I am not aware of any Macs being affected by this particular attack, as the current ransomware targets Windows machines).

 

The most common way this kind of software is distributed is via email, so always be wary of emails you were not expecting. Check the sending email address, as attackers try to use an address which is similar to that of the company they are pretending to be from. Look at the layout of the email: does it look professional, and does it look like other emails you have received from that company before? If you are unsure in any way, don't click the link.
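
The sender-address check described above can be partly automated. This is an added example, not part of the original post: the trusted domains and sample addresses are constructed, and the look-alike rules (character folding, an edit distance of 2 or less) are assumptions.

```python
from email.utils import parseaddr

# Assumption: domains you genuinely receive mail from (constructed names).
TRUSTED = {"hillbank.example", "metroshop.example"}

# Digits commonly swapped in for letters, folded back before comparing.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Domain of the real address; the display name is ignored on purpose."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def classify_sender(from_header, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    if any(domain == good or domain.endswith("." + good) for good in trusted):
        return "trusted"
    # Undo digit swaps and the 'rn' that imitates 'm'.
    folded = domain.translate(CONFUSABLES).replace("rn", "m")
    labels = folded.replace("-", ".").split(".")
    for good in trusted:
        # Brand name buried inside someone else's domain.
        if good.split(".")[0] in labels:
            return "lookalike"
        # One or two characters away from the real domain.
        if edit_distance(folded, good) <= 2:
            return "lookalike"
    return "unknown"
```

A 'lookalike' result is the case the advice warns about: the address resembles a company you know but does not belong to it. An 'unknown' result is not proof of safety, only the absence of a near match.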

 

You should also not download or install software which hasn't been verified and provided by an official store, such as the Windows Store, Mac App Store, Google Play, Apple App Store, etc.

 

The vulnerability does not exist in Windows 10, the latest version of the software, but is present in all versions of Windows prior to that, dating back to Windows XP. If you are running Windows XP, you should upgrade to Windows 7, Windows 8 or 10, as Microsoft has not been supporting Windows XP for a few years now.

 

Users of Windows XP, Windows Server 2003 and Windows 8 can defend against the ransomware by downloading the new patch from Microsoft.

 

You should also be running up-to-date anti-virus software, as more and more antivirus platforms, including Microsoft’s own Windows Defender, are now recognising and blocking the ransomware.

 

 

Should you pay?

 

My advice is not to, as you are dealing with organised crime and they are very unlikely to actually unencrypt your data once you pay. If you do pay, it just gives them the incentive to do it again and again, as this money is likely to go towards funding organised crime. However, you have to decide how important your files are to you; it's a personal choice.

 

 

Want to know more?

 

As well as keeping up with trusted news sources as this story is still developing, if this kind of cyber crime interests you, as it does me, I also recommend watching a show called 'CSI: Cyber', as this show goes into detail about how these kinds of attacks work, in an entertaining and dramatised way. So you can be educated on cyber attacks at the same time as being entertained.

 

 

Thanks for reading,
Carl

 

 


Carl produces websites, apps and videos. View his latest work at carlrydings.com


12 Comments
apprentice

Advising people not to pay ransomware extortions is good in theory but, as you must know, there have been a number of cases where this has been the only way to retrieve files. Even some (USA) cops have paid up in the past (if memory serves). It depends how important your files are to you. It's the old cliche about "prevention"; it happens to be true.

academic

Useful information, especially the link to the Microsoft patches. 

 

For more details, a site that specialises in technology news, and has published detailed stories about other cyber attacks, including how to protect against them, is The Register at https://www.theregister.co.uk/

 

I have no connection with the site, just an informed reader. 

 

graduate

I do suggest people don't pay, as it's quite a small chance you will get your files back even if you do; there are a few of these attacks that aren't actually encrypting your files, they're just making it look that way. There are also a few tell-tale signs that may help: your computer will slow down (encrypting and even moving files takes a lot of resources from the computer). When you back up files, back them up to a pen drive or external hard drive; copying within the same computer can mean the files are still at risk. If you want to really protect yourself you could even move to a Linux-based system; Ubuntu and Linux Mint are very, very good alternatives to Windows and are both completely free.

newcomer

Brilliant post, well done

guide

Good advice. Keep your operating system and anti-virus/malware software up to date and you shouldn't go too far wrong.

novice

Thank you for the advice

enigma

Good advice there @carlryds

visionary

Thanks for the info and useful links.

maestro

Great blog post, thanks @carlryds

I wonder how many big companies have been attacked and paid the ransom without telling customers!