Internet Security

WannaCry Ransomware Hits Computers Globally. Here's What You Can Do.

Written by Brian J. O'Connor for Symantec

The global computer threat that came from the WannaCry ransomware attack appears to be somewhat under control after several days, but don’t relax: Experts say ransomware is a burgeoning business that won’t be going away anytime soon.

What is ransomware?

Ransomware is a type of malicious software, or “malware.” As the name implies, it’s intended to force a payment—or ransom—by the victim to the person who launched the ransomware attack. The attacker can use a variety of methods to load ransomware on to the victim’s computer. Often, the ransomware will encrypt, or “lock,” the computer’s files, so that they cannot be opened or used. The attacker usually includes a message as part of the ransomware, asking the victim to pay a fee for the “key” to unlock the files. Payment doesn’t guarantee that the attacker will provide the key. In fact, once the victim shows a willingness to pay the ransom, the attacker may ask for additional payments.

To avoid having to fork over cold hard cash to hackers, you need to stay current on your computer operating system updates and patches, as well as your application software. It’ll also be vital to stay familiar with whatever new attacks and hacking methods come down the web because hackers are bound and determined to find new ways of exploiting security flaws.

Viruses and other types of computer and network hacks can range from harmless pranks—say, a gang of geeks who just want to see if they crack your home network—to the straight-up malicious—like an organized group of haters that wants to shut down a company website. But ransomware is all about the money. Once the attack takes place, your machines or data may become unusable until you cough up the cash, if you’re lucky.

Ransomware attacks are on the rise

According to research by LifeLock parent company Symantec, the number of ransomware detections increased to 463,000 in 2016, up 36 percent from the previous year. How many other attacks went undetected or unreported is anyone’s guess. And 69 percent of all ransomware infections detected affected consumers.

[Full Disclosure: Symantec is the parent company of LifeLock and Norton and sells digital security solutions. This article, however, is educational in nature and not designed to promote those or any other services. Our goal is to inform readers, and empower them to make smart decisions in general.]

“Ransomware is a very fast-growing industry,” says Keith Barthold, a cyber security expert who’s CEO of DKB Innovative, which services small and medium-sized businesses in the U.S. and internationally.

“In 2016 ransomware was reported to be a $1 billion industry,” Barthold adds. “We’re seeing a new wave of career hackers and foreign nationals that are profiting through ransomware.”

WannaCry and Windows

The WannaCry ransomware spread globally by using a bug in the Windows operating system, explains Vikram Thakur, a technical director on Symantec’s Security Technology & Response team. The bug was exploited by tools developed by the federal National Security Agency that were contained in documents dumped online by hackers this April. The WannaCry hackers identified the bug, then exploited it for their own purposes.

Although Microsoft had issued a patch that would block the bug, patches only work if they’re installed. In addition, many of the systems hit were running earlier versions of Windows where patches hadn’t been issued until after the attack. And many times, the decision to skip an upgrade isn’t simply the result of being uninformed or lackadaisical about online security.

Patches and updates

“You’ve got to think about the billions of devices and people online, and the millions of decisions that result in whether people decide to apply patches or not,” Thakur says. “Take the case of developing countries, where someone is using a slow cable or even dial-up connection. When they get a notification from Windows that it wants to download hundreds of megs of patches for the month, there’s no way they’re downloading that amount of data. They just turn the update off.”

Even on well-maintained business and corporate networks, installing security patches isn’t as simple as clicking a button, Thakur adds. Many if not most individual business units might be running unique custom applications written for a business function, and there’s no guarantee that automatically applying security patches won’t conflict with the application and knock that function out. That means testing any patch against all unique applications across the entire network, a lengthy process that ties up information technology staffs and can take months.

“It takes time, and the bad guys are trying to leverage that long timeline to their own benefit,” Thakur says.

While individual home computer users are susceptible to WannaCry, file-sharing networks, such as a company’s shared drives for documents, were a lot more fertile ground for the attack. Previous ransomware efforts needed to target specific machines or users that shared files locally, or by using online applications. WannaCry acted like a virus, autonomously jumping from machine to machine to infect the entire network, which is entirely new for ransomware.

WannaCry impact

The attack that started May 12 is estimated to have hit more than 150 countries and more than 300,000 computers as of May 15 at a potential cost of as much as $4 billion, according to the risk modeling firm Cyence, but the hackers aren’t raking in big bucks—Bitcoins, actually. The first ransom demand was $300, which later doubled to $600. But, after several days, less than $70,000 of Bitcoins—the untraceable Internet currency—had been transmitted by desperate users. The many victims who refused to pay ransom will either rebuild their data from backups or lose it. 

4 ransomware protection tips

Ransomware hackers are nothing more than thieves—and like all thieves, they’re looking for fast, easy scores. You don’t need perfect security to defend your house against burglars—simple things like turning the lights on when you leave, having alarm stickers, or buying a dog will send a thief looking for an easier mark.

The same goes for your computer. Besides backing up all your data in case of an attack, security experts recommend these tactics to discourage ransomware attackers:

  • Don’t run an outdated version of Windows. If a thief finds a flaw in an operating system that isn’t still supported, they know Microsoft isn’t likely to fix it. You don’t have to be on 10, but at least run 7.
  • Don’t run very old versions of software, for the same reason. Newer versions—and updates to still-supported older versions—are intended to address the latest security vulnerabilities.  
  • Don’t click on anything in email, unless you know the sender—or just authorized something (like a password reset) be sent to you.
  • If something tells you your account has been hacked, don’t click on any email link. Call the company where you have the account to confirm. Or open a browser and go to the company’s website to look for an announcement page.

“The biggest take-away from WannaCry is to be prepared,” says Barthold of DKB Innovative. “Cybersecurity isn’t the kind of thing you can wait on, and it’s only going to get worse.”

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Start your protection,
enroll in minutes.