Skip to main content

WannaCry ransomware: Everything you need to know

Businesses around the world have been hit by a hugely damaging cyber-attack.

The WannaCry ransomware first emerged on Friday and has continued to affect organisations across the globe, including a number of NHS trusts in the UK.

Spread by a fault in outdated Microsoft software, the ransomware has many users fearing for the safety of their devices and the files within, but what do you need to know about this new threat?

What is WannaCry?

WannaCrypt, aka WannaCry, is a powerful new strain of ransomware.

Once downloaded onto a victim's PC, the malware encyrpts all the files it finds, and demands a ransom to free them back to the user.

Victims are seeing a demand for $300, or $600 worth of Bitcoin, in order to unlock their devices.

First spotted on Friday morning, the infection quickly spread around the world, and has so far affected at least 200,000 devices.

However the source of the virus still remains a mystery - for now at least.

What has caused it?

WannaCry appears to exploit a bug in older versions of Microsoft Windows, which are still used by many businesses of all sizes, despite no longer receiving security support from the company.

This includes companies running the hugely outdated Windows XP software, as well as Windows 8 and Windows Server 2003.

Utilising the leaked NSA cyberspying tool EternalBlue, the ransomware hijacks the filesharing capabilities of Microsoft's software to quickly spread to any devices on the same network as the initial victim.

The flaw appears to be a security issue that was patched by Microsoft for the newer versions of Windows back in March, although Windows XP was not included in this after the company suspended support for the software back in April 2014.

Microsoft has now issued a patch that it says fixes the issue across the affected software, and is urging anyone still affected to update immediately.

Who has been affected?

As it stands, companies and organisations in around 150 countries have been affected by the ransomware, according to the BBC.

Along with the NHS, where 48 English and 13 Scottish trusts have so far reported issues, with some having to divert ambulances and even cancel operations.

Several trusts are still seeing problems this morning, with patient records unavailable, and doctors unable to access databases of test results, potentially putting lives at risk.

However the ransomware has hit several major global companies, including FedEx, Telefonica, Nissan, Deutsche Bahn and Hitachi.

Public sector organisations have also been hit, including the Russian interior ministry, Indian state police, and several major Chinese universities, government agencies and hospitals.

The sheer scale of the attack suggests that no-one is safe, no matter the size of your business, so it's best to stay on your guard.

Is my PC at risk? What do I need to do to stay safe?

Due to the far-reaching spread of WannaCry so far, any device that uses the affected versions of Windows without Microsoft's new patch remains at risk.

If you or your business is still running the aged software, your first step should be to download and install the Microsoft update right now.

This should protect you against the ransomware - for the time being at least.

Of course, staying vigilant against cyber threats can also be relatively simple, as you can protect against your device being infected by monitoring all your emails.

You should never open attachments in emails that come from unrecognised senders, even if they claim to be important documents.

In fact, emails originating form unfamiliar domains or with issues such as mis-spelt names or subject headers should automatically be viewing with suspicious.

Ensuring that all your software, including your security protections, is kept up to date, will also help your devices stay safe against a wide range of threats.

What happens next?

The attack was initially halted by a UK blogger acting under the pseudonym MalwareTech, who realised that by registering the domain that the ransomware was trying to contact, he could help activate a hidden 'kill switch' that would stop the spread.

However the timing of the original attack suggests that the pain may not be over just yet.

The fact that the worm spreads across networks via file-sharing services such as email means that today could see another spike, as people returning to work after the weekend may inadvertently cause further infections.

Microsoft's launch of a patch should help halt much of the spread, meaning that previously vulnerable editions should be able to stay protected.

Hopefully the glut of media attention given to the attack over the weekend, with news hitting front pages across the world, will cause many businesses to update their systems and ensure an attack like this is never allowed to happen again.

Mike Moore is Deputy Editor at TechRadar Pro, and has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and ITProPortal.