Since Friday, more than 200,000 victims across 150 countries have been hit by the “WannaCry” computer virus attack that freezes computer files and demands a ransom payment.
And Europol Director Rob Wainwright said, “ … I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”
The “WannaCry” cyber strike from anonymous hackers has been using what is known as “ransomware” to freeze operating systems and demand an online ransom payment (roughly £1k) in Bitcoin.
In the UK, 48 NHS Trusts have been the most high profile victims. Patients were turned away from GP surgeries and hospitals, and operations were cancelled.
But the spread of the WannaCry virus has been slowed accidentally by a UK tech expert who wants to remain anonymous. Known only by his Tweet handle of @MalwareTech, the 22 year old accidental hero registered a particular domain name related to the virus on Friday – not knowing that, by chance, the virus was set up to check the status of that particular web address and only jump to another computer if the address was unreachable. With that domain name now registered, the WannaCry virus stopped moving on. But it hasn’t died out altogether.
The virus exploits a weakness in Microsoft Windows which Microsoft patched in a March 2017 security update. But many systems will not have been patched since then, and older systems like Windows XP are no longer supported by automatic security updates.
And the new issue, @MalwareTech told the BBC, is that the hackers behind WannaCry will be quickly rewriting the virus so it works without the domain name flaw that he accidentally exploited by registering the domain name;
“”There’s a lot of money in this. There’s no reason for them to stop. It’s not really much effort for them to change the code and then start over.”
So what do the rest of us do in the meantime? @MalwareTech tweets: “”Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP”.
Go to Microsoft’s “Customer Guidance for WannaCrypt attacks”.
Whatever your operating system, don’t open any emails or email attachments unless you are certain of where they are from. Make sure your virus software is up-to-date.
If you do get ransomed, experts say you should not pay the ransom because, apart from anything else, you can’t be certain that your files will be unlocked even if you do. Seek help from a friendly encryption expert – that’s the official message, which won’t come as much comfort for those with blocked computer screens.