WannaCrypt: An Overview of 2017’s Biggest Cybersecurity Threat
This past May, a malicious software attack known as WannaCrypt (or WannaCry, depending on your source) hit the computer systems at major organizations and businesses around the globe. WannaCrypt is a ransomware attack. Once it infects a machine or computer system, it encrypts all the data hosted on those machines. (Hence the name WannaCrypt.)
Once the files are encrypted, the attack prompts the owner of the machine or computer system to pay a ransom to unlock the data. The ransom offer has a time limit, giving users a countdown to watch while they consider their next move. The catch is that the ransom price increases as time ticks down. Once the countdown hits zero, WannaCrypt automatically destroys the user’s data.
The WannaCrypt Narrative
WannaCrypt was supposedly discovered first by the National Security Agency, which kept it on file as a possible surveillance tool. When hackers stole data from the NSA and released it on the Internet, WannaCrypt was among the contents. Other hackers then used the exploit to cripple computer systems around the globe.
The initial WannaCrypt outbreak struck on May 12. A web security developer discovered a “kill switch” in the code on May 15, which helped slow the spread of the ransomware dramatically. Microsoft also released security updates patching the vulnerabilities that WannaCrypt exploited. The updates weren’t limited to Windows 10, Microsoft’s current operating system. Indeed, the WannaCrypt threat was so pronounced that Microsoft also distributed protective updates for Windows XP, Vista, 7, and 8. XP and Vista are both no longer supported with regular updates, but Microsoft made an exception for WannaCrypt.
Because of these updates, Windows users with up-to-date machines should no longer be vulnerable—at least not to the initial incarnation of WannaCrypt. Several copycat and variant attacks have appeared since, though none have been anywhere near as devastating as WannaCrypt itself.
Even though WannaCrypt has slowed, it still isn’t entirely gone. On August 21, ZDNet reported that LG Electronics had found WannaCrypt on a “self-service kiosk” in South Dakota. The company took its computer systems offline for two days as a security precaution.
All told, WannaCrypt infected more than 300,000 Windows systems around the globe. 230,000 of those got hit on the first day. Luckily for Mac users, the attack was limited to computers using Windows operating systems. Still, for all users—home or business, Windows, or Mac—the attack has provided a reminder to be vigilant about cybersecurity. Be careful about the emails you open or the files you download, and have data backups ready in case you need to restore your files from scratch.