WannaCry also known as WanaCrypt0r 2.0, WannaCry and WCry is a malicious form of malware called ‘ransomware’.
Once activated the malware will encrypt your computer and/or data and demand payment in exchange for full control of the system.
Find out more about ransomware here
WannaCry first appeared in February 2017 but has recently updated, as seen in the latest attack that has affected tens of thousands of computers in over 75 companies. This iteration of the malware encrypts victim’s files and holds them ransom unless $300 (£230) is paid in bitcoins. This amount will increase in three days, and if still not paid in seven days, the victims' files will be lost.
WannaCry has had such a large impact as it is propagated through a vulnerability in the SMB protocol and utilises this weakness to spread throughout the network, like a good old fashioned worm. This SMB vulnerability has enabled the malware to spread from computer to computer like wildfire without any user involvement.
Who has WannaCry affected?
As previously mentioned WannaCry has affected tens of thousands of computers across the world. The hardest hit organisations include the NHS England, Telefonica, Nissan, Renault, and FedEx – to mention a few. However, as the malware is still spreading, the full impact of the damage caused is unknown.
See below for a map of all infected areas:
How can attacks be prevented ?
The affected computers all have something in common – they don’t have the latest patch update from Windows. All users are urged to ensure they have the latest patch update, if not then to urgently install the official windows patch MS17-010. This latest patch update closes the SMB server vulnerability that WannaCry has been praying on.
Users are also urged to ensure that:
- All their data is backed up securely
- All systems are up to date and supported
- The latest security systems are installed