News about a malware attack called the WannaCry ransomware has been ongoing for a while now.
This ransomware, which affects Windows OS, encrypts a user’s data (meaning the person’s apps stop working and their files can no longer be accessed), then demands payment in exchange for unlocking the data. The malware has been demanding that users pay $300 in Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. It then threatens to delete the files within seven days if no payment is made. The attack, which started on Friday, has been spreading through email, and translations of the ransom message in 28 languages are included.
According to European authorities, over 10,000 organizations and 200,000 individuals in over 150 countries have been attacked. The organizations targeted worldwide include FedEx, Germany’s rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, and the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable, and phones did not work.
On Saturday, a 22-year-old security researcher known as MalwareTech on Twitter inadvertently slowed the spread of the WannaCry virus when he registered a domain name hidden within the virus’s code. He had registered it in an attempt to track the spread of WannaCry, and stopping its progress was unintentional. He warns, however, that another attack is likely coming soon.
Microsoft also released a software update that fixes the flaw in March, but computers that have not installed the security update remain vulnerable. All Windows OS users have been advised to install the patch to avoid being attacked. Specifically, Windows users with machines that run Windows XP, Windows 8, or Windows Server 2003 should install the security update immediately. You should also stop clicking links that you don’t trust and stop downloading software from unknown sources.
For now, no one knows who is behind the attack, but Microsoft says that the tool used in the current attack was developed by the US National Security Agency and was stolen by hackers.