Today, I want to talk about what happened over the weekend, the ransomware cyber-attack. This took down not only a large number of NHS organisations, but also 200,000 machines in 150 countries since Friday.
Who has been affected?
61 NHS organisations (UK)
Telecoms and gas companies (Spain)
Some Renault factories (France)
1,000 of its computers (Russia’s interior ministry)
Nissan and Hitachi reported some units had been affected (Japan)
Three small-to-medium sized businesses (Australian)
Small number of unconfirmed incidents (New Zealand)
PetroChina said that at some petrol stations customers had been unable to use its payment system (China)
and many more citizens and businesses around the world
This is a developing story, so these numbers may change and were correct as of 15/5/17 at 5:30 pm.
What has happened?
From what we understand a ransomware known as Wanna Decryptor or WannaCry has taken over machines by incepting the data on their hard drives and requesting $300 (£230) payments to restore access to the user's files.
So far we don’t know how this software was distributed. However, the most likely way is by e-mail phishing. This is where an attacker will send you an email pretending to be from a trusted source, maybe a bank or a well-known website. If you click on a link in that email it will download the software to your computer without your knowledge.
What should I do to protect myself?
First things first, always have a back-up of your data, whether it be using software which backs up your data or simply copying your data to external hard drives and pen drives regularly. You should also make sure you have installed all the security patches from your operating systems provider, for Windows, this is called Windows Update and for Mac, these will come via the Mac App store (so far I am not aware of any Mac’s being affected by these particular attack as the current ransomware targets Windows machines).
The most common way this kind of software is distributed is via email, always be wary of emails you were not expecting, check the sending email address as they try to use an email address which is similar to the company they are pretending to be from, look at the layout of the email, does it look professional, does it look like other emails you have received from that company before. If you are unsure in any way, don't click the link.
You should also not download or install software which hasn't been verified and provided by an official store, such as the Windows Store, Mac App Store, Google Play, Apple App Store, etc.
The vulnerability does not exist in Windows 10, the latest version of the software, but is present in all versions of Windows prior to that, dating back to Windows XP. If you are running Windows XP, you should upgrade to Windows 7, Windows 8 or 10, as Microsoft has not been supporting Windows XP for a few years now.
You should also be running up to date anti-virus software as more and more antivirus platforms, including Microsoft’s own Windows Defender, are now recognising and blocking the ransomware.
Should you pay?
My advice is not to as you are dealing with organised crime and they are very unlikely to actually unencrypted your data once you pay. If you do pay, it just gives them the incentive to do it again and again as this money is likely to go towards funding organised crime. However, you have to decide how important your files are to you, it's a personal choice.
Want to know more?
As well as keeping up with trusted news sources as this story is still developing, If this kind of cyber crime interests you, as it does me, I also recommend watching a show called 'CSI: Cyber' as this show goes into details about how these kind of attacks work, in an entertaining and dramatised way. So you can be educated on cyber attacks at the same time as being entertained.