Just recently a massive ransomware virus attacked thousands of PCs of private companies and public organizations across the globe. Ransomware attacks are not new, but the speed and vast proliferation of the virus alarmed the experts worldwide. Within a few hours, the malware infected victims in 74 countries, including Russia, Turkey, Germany, Vietnam, and the Philippines, and it is likely spreading at a rate of five million emails per hour, said, experts.
Attack of the virus, named WannaCry, was first of its kind in terms of how large it was. Authorities are trying to find out who could be behind the string of attacks, and whether they are connected.
Here are some key facts about the virus that have come into the light so far.
What does WannaCry do?
WannaCry is a ransomware; following its attack users can't access their files on their PCs and hackers do not release the PC safely until the users pay the asked amount of money. WannaCry and its variants like Wana-Crypt and Wanna Decryptor target computers that use Microsoft's Windows operating system.
How does it enter the systems?
WannaCry creeps into a PC by e-mail. Hackers send an e-mail to the user usually containing a zip folder. If the user opens it the virus spreads into all the programs of the computers and locks them down. Once the whole system is locked down the user can only access two files – instructions on what to do next and the virus program.
What was so scary about this ransomware?
Not just small companies or enterprises, this ransomware managed to attack and disrupt the PCs of organizations like National Health Service, global shipper FedEx in the United States and the Russian Interior Ministry and their affairs were affected. This virus has been designed as a "worm", which means it can automatically spread to other computers on the same network.
How to protect your computer from this or any other kind of ransomware?
Microsoft has quickly issued automatic Windows updates to defend its clients from the attack. And to be safe from other similar kinds of attacks users should always use a trustworthy antivirus software and a firewall, backup files in a separate system and set a popup blocker. Do not click on a link or e-mail without being absolutely sure and report it as soon as you see anything suspicious. Users, who receive a ransom note should disconnect the computer from the Internet and alert the authorities, so that, other computers in the same network can be saved.
What was the source of this virus?
The NSA first discovered the flaw in Microsoft's Windows operating system that let them develop a way to hack or gain access to, computers used by terrorists and enemy states. The virus and a tool to exploit it with malicious software were made public last month by a hacker collective known as Shadow Brokers.
Who was/were responsible for this attack?
So far, no one has claimed the attacks. According to experts, it could be a large group of cyber criminals or even a Chinese or Russian state-sponsored hackers' group.
What do these hackers want?
The attackers are asking for US$300 (S$418) to US$600 in bitcoin as a ransom to free the PCs. Hackers are threatening the users that if they do not pay within the set deadline they will delete all the files on the users' systems, however, governments are asking the citizens not to pay the ransom, as it would encourage the hackers to go for more such attacks.