Last week, 200,000 computers worldwide faced a massive ransomware attack that could potentially be the first of many according to security experts.
The attack known as “WannaCry,” went on for a day before malware researcher, Marcus Hutchins was able to stop it but not before it reached hospitals, big businesses, and everything in between. By the time it was halted many workers were not in their offices because of the attack.
Since the attack has been stopped, at least two new variations of the malware have been detected.
Outdated software like Windows XP or Windows Server 2003 are especially at risk for an attack which is why it is important to update your computer. All it takes is one computer on a network to be infected for all computers to be at risk. The malware spreads like a worm by scanning any device liked to the system with the same defect and latching on through a vulnerability in Microsoft systems.
The malware downloads into infected computers through an encryption package and locks up all of the machines’ files and can only be recovered through a payment of $300 to $600.
Microsoft has responded by sending automatic updates to systems to block the worm, however, smaller companies with smaller technology staffs are unlikely to have blocked the infection before Microsoft responded, according to Proofpoint Inc.
The two new versions of the worm are expected to get passed the temporary fix, according to security specialists. Security specialists such as Hutchins are preparing for a second attack to stop it before it does any more damage.
This attack is such a huge deal because it has hit places like hospitals, universities, transportation systems, and gas stations. This leaves the public’s information very vulnerable which creates a link between the two most pressing forms of cybersecurity threats; nation-state action and organized criminal action.
You will know right away if your network is infected because you will see a popup that says “Ooops, your important files are encrypted.” These files are your most commonly used files including .mp3 audios, png. and jpg images, .doc and .txt documents, and any other important, commonly used file. Additionally, the worm detects backup files, leaving you unable to restore older, safe versions.
The encrypted files will have the extension .WCRY at the end of the file name. Experts have advised instead of clicking “check payment” or “decrypt” you should download and install Microsoft patch MS17-010, available to Windows systems from Vista to newer operating systems.