By now you’ve probably heard about the massive, worldwide ransomware attack, WannaCry, that has shut down hospitals and giant telecommunication companies. The attacks died down over the weekend, but not before infecting hundreds of thousands of computer systems.
The attack started as a phishing campaign, with zip files containing malware posing as documents such as invoices, job offers and the like. These were sent to random email addresses, but once a system was infected it was able to attack other systems.
Security experts say the ransomware was able to spread as quickly as it did by using zero-day exploits in the Windows operating system that were made public by a known hacker group called the ShadowBrokers. The weaknesses have since been patched, but people are notoriously slow to apply patches, and computers using pirated copies of Windows usually can’t update. To its credit, Microsoft even released a patch for Windows XP, which it stopped supporting just over three years ago.
If you are unlucky enough to have your files encrypted by WannaCry, the ransom starts at $300, but the price goes up every six hours and eventually doubles after three days. The hackers threaten to delete your encrypted files if you go a week without paying.
The attack blew up on Friday, but it’s abated greatly since then. Infections have actually been relatively limited in the US, but China and Russia are two countries that were hit pretty hard, likely because of the proclivity for using stolen copies of Windows.