Ransomware that makes you WannaCry

The Internet was attacked on Friday, May 12, 2017, by a fast-spreading piece of malware that asks infected users to pay up if they want to see their data again. It has already affected 200,000 victims in 150 countries. This kind of software, which is called ransomware, encrypts the data on a user’s computer and requires that the user pay a ransom to decrypt it. Ransomware is not new, having infected millions computers since 2005. WannaCry distinguishes itself, however, by how fast it has spread and by the importance of machines it has targeted.

WannaCry (which is short for “Wanna Encrypt”) spreads through a vulnerability in Microsoft Window’s SMB service. SMB, which stands for “Server Message Block”, facilitates the sharing of data primarily on Windows networks. Although Microsoft had fixed the SMB vulnerability in a patch it made available in March, many users had not installed the patch, meaning that their systems remained vulnerable. And, in fact, older operating systems, such as Windows XP – which Microsoft no longer supports – could not have been patched ahead of time. Unfortunately, as SMB is enabled by default on most Windows operating systems so that users can more easily share files and printers, those who had not patched or could not patch their systems because they were no longer supported were completely susceptible to the attack. Because too many people turn off automatic updates or reject updates when they are available, or because they continue to use an operating system that Microsoft no longer supports, the vulnerability has spread easily to all of these computers that remained susceptible to it.

Why don’t users update their systems when patches become available? Sometimes, it’s simply because we’re too busy to be bothered with installing new software, or because the prospect of installing new software sounds complicated and unnecessary. Sometimes, though, we don’t install new software patches because of the risks. Certainly, software updates can break our systems: they might not work with our printers or game controllers, or they might disrupt our ability to connect to other computers in our home. Actually, these incidents of things breaking because of a patch are statistically unlikely, but they seem more probable than that because of the frustrations they fuel when they occur. For mission-critical systems, however, which absolutely must function correctly for the safety and security of users, there are more compelling reasons for not upgrading to the latest patches. Such systems, which use software that integrate with customized equipment, must continue to communicate with that customized equipment. If the vendor hasn’t updated the equipment to work with the latest operating systems, then the owner must continue to use the older, unpatched operating systems. Otherwise, if they upgrade, they run the risk of no longer being able to inter-operate with the equipment on which their system depends.

Industries that depend on hardware-software systems, such as the electric power grid and hospital and health care systems, often don’t have the luxury of upgrading their systems whenever a new patch comes around. And that partially explains why WannaCry has been so effective: even if the vendor (Microsoft) recognizes and fixes a problem, if we can’t afford to take advantage of it, then we remain susceptible.

Assuming you aren’t responsible for a system that relies on hardware that commits you to using an unpatched operating system, there are simple things you can do to protect yourself. Do any of the following:

  1. Enable automatic updates so that your operating system is updated when Microsoft finds problems and fixes them.
  2. Upgrade to Windows 10.
  3. Disable Microsoft’s SMB service.

And make sure you back up your data. If WannaCry encrypts your data, but you have an unencrypted backup, WannaCry’s impact on you will be limited. All you’ll have to do is restore your unencrypted data from your backup. Most people will find it easiest to back up their data to the Cloud rather than use their own external flash drives or hard drives. Services like Dropbox and OneDrive make backing up your data a no-brainer, as they automatically upload and download file updates when they occur.

Most users can easily protect themselves from this fast-spreading ransomware. Make sure you protect yourself now. It’s a lot easier to prevent the attack ahead of time than to try to recover your data once WannaCry encrypts it.

About Ray Klump

Professor and chair of Mathematics and Computer Science Director, Master of Science in Information Security Lewis University http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

One thought on “Ransomware that makes you WannaCry

  1. October 1, 2018 at 12:05 am

    I get this updates when they are available, or because they continue to use an operating system that Microsoft no longer supports help me to updated thanks for gather such information to us.

Leave a Reply

Your email address will not be published. Required fields are marked *