Imagine a thief sneaks into your house while you have gone on holiday, changes the locks and leaves you a note instructing you how you can get into your own house. The thief demands that you wire some money to a secret bank account before they can grant you the only keys that can unlock the main door to your house.
If there’s nothing important in your house, then you might just forget about this thief’s demands. But if you have family treasure in there, then you will do exactly what the thief wants. Local police can’t help because they have no idea about the whereabout this particular thief.
On Friday 12th May 2017, a ransom-ware called WannaCry went on overdrive around the internet spreading to thousands of computers in well over 70+ countries potentially breaking businesses and government organizations to a halt. The Ransomware is reported to have affected telecom companies like Telefonica in Spain, or healthcare authority like the NHS in England.
The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. On March 14, Microsoft had released a security update to patch this vulnerability and protect people whose computers run on Windows. Newer updated versions of the Operating systems that had updates enabled became safe, however, those running old versions of Windows especially XP, Vista are still very much in danger.
How Ransomware works
The analog I have used in the opening paragraph of this article will suffice for non-tech savvy users, but in technical terms, Ramsomware is a malicious piece of software that hijacks a device such as computer, smartphone, tablet and demands a ramsom usually financial to unlock it.
Related post: Ransomware: The new Cybercrime Frontier
First documented in 2005, Ramsomware has since garnered popularity among cyber criminals who now prefer it over traditional viruses because of the benefit they get from redeeming ransome.
Ramsomware is spread via flash disks or email attachments which often come from unsuspecting senders whose email accounts have been compromised. When this Ramsomware or Malware is downloaded to the victim’s computer, it encrypts all its targets files with a secret code only known to the criminal.
The criminal then demands financial ramsom paid through Bitcoin address for the victim to gain access to their now encrypted files.
What is Bitcoin
Bitcoin is a form of digital currency, used to make payments of any value without fees. It runs on the blockchain, a decentralised ledger kept running by “miners” whose powerful computers crunch transactions and are rewarded in bitcoins.
Invented by an anonymous internet user Satoshi Nakamoto, Bitcoin has seen a rapid rise in transactions which by 2016 amounted to 16 million. In March 2017, the value of a Bitcoin, at $1,268, exceeded that of an ounce of gold ($1,233) for the first time.
Free from government control and bank charges, bitcoin has been used to make private, anonymous transactions, and it’s the payment of choice for drug deals and other illegal purchases.
How to protect yourself from WannaCry
- Before you even start anything, unplug your computer from the internet and IMMEDIATELY BACKUP your files to an external hard drive or on the cloud.
Related Post: Backing up your data in 4 easy and inexpensive ways
- Do not open any email from suspicious senders. Do not download any attachments from users you do not know. Also make sure that your email server runs anti-virus scans for files send to it.
- Microsoft released an emergency patch (KB4012598) for unsupported version of Windows (Windows XP, 2003, Vista, 2008). Click here to see how to apply the patches.
- Connect to the internet, turn on Windows automatic updates. This should pull the latest patches released in March for this vulnerability.
- Immediately run updates for your Anti-virus and run a full anti-virus scan for your computer.
- If attacked, do NOT pay Bitcoin ransom to the cyber criminals as this will just encourage them to keep doing their attacks.
Cybercrime is on the rise. It’s responsibility of not just major vendors like Microsoft to fight cyber-criminals, but governments and yourself. So take charge of your data now.