What is WannaCry ransomware and why is it attacking global computers?

Malicious software has attacked Britain’s health service and companies in Spain, Russia, the Ukraine and Taiwan. What is it and how is it holding data to ransom?

WannaCry malicious software has hit Britain’s National Health Service, some of Spain’s largest companies including Telefónica, as well as computers across Russia, the Ukraine and Taiwan, leading to PCs and data being locked up and held for ransom. The ransomware uses a vulnerability first revealed to the public as part of a leaked stash of NSA-related documents in order to infect Windows PCs and encrypt their contents, before demanding payments of hundreds of dollars for the key to decrypt files. The co-ordinated attack had managed to infect large numbers of computers across the health service less than six hours after it was first noticed by security researchers, in part due to its ability to spread within networks from PC to PC The ransomware has already caused hospitals across England to divert emergency patients – but what is it, how does it spread and why is this happening in the first place?

What is ransomware?

Ransomware is a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it.

How does it work?

When a computer is infected, the ransomware typically contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – and threatens to destroy the information if it doesn’t get paid, often with a timer attached to ramp up the pressure.

How does it spread?

Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.

Shocking that our @NHS is under attack and being held to ransom. #nhscyberattack pic.twitter.com/1bcrqD9vEz

— Myles Longfield (@myleslongfield) May 12, 2017

What is WannaCry?

The malware that has affected Telefónica in Spain and the NHS in Britain is the same software: a piece of ransomware first spotted in the wild by security researchers MalwareHunterTeam, at 9.45am on 12 May. Less than four hours later, the ransomware had infected NHS computers, albeit originally only in Lancashire, and spread laterally throughout the NHS’s internal network. It is also being called WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2.

How much are they asking for?

WannaCry is asking for $300 worth of the cryptocurrency Bitcoin to unlock the contents of the computers.

There is a new version of WCry/WannaCry ransomware: “WanaCrypt0r 2.0”.

Extension: .WNCRY Note: @Please_Read_Me@.txt@BleepinComputer pic.twitter.com/tdq0OBScz4 — MalwareHunterTeam (@malwrhunterteam) May 12, 2017

For more info click here