So what is ransomware anyway?

The emergence of the Wannacrypt ransomware attack worldwide over the weekend has established a number of things. First, people are using very old systems contrary to all sensible advice, and they are using them in sensitive and critical areas like the National Health Service. Second, in spite of upwards of 100 countries being affected, the UK is now the poster boy for ransomware (when sourcing a picture for this article we entered the word “ransomware” into Getty Images and the first handful of images that came up were of Jeremy Hunt).

Whatever the public perception, it’s useful to get an idea of what people might be dealing with. So, as the headline says, what is ransomware?

Ransomware may not do what it says

In its purest form, if that’s a word you can use about a deliberate attempt at sabotage, ransomware is a piece of malware. It encrypts the files on your hard drive(s) and gives you a message on the screen telling you that you will not see your data again unless you hand over some money, generally in the form of Bitcoin or some other difficult-to-trace currency.

This may not be all it does. Over the weekend a number of security analysts were concerned that there was no way of knowing whether Wannacrypt would damage files, corrupting them beyond use even once they were released.

Wannacrypt at least did what it said and encrypted files. The sneakier ones don’t. When you find a message on your screen telling you that your files are encrypted, it can be worth restarting your system to see whether it just goes away; sometimes a display is just a display and it will go away if restarted (you have to conclude from this that malware writers are dishonest; we know, it’s shocking). Nonetheless, some people will pay the ransom through fear.

Tracking whether your organisation is affected by this form of attack is difficult, as we’ve said before. Say a colleague has been doing something they shouldn’t – usually, in the case of ransomware, clicking on a link or attachment from unsolicited email. Ransomware, or the appearance of ransomware, appears on their screen and their first reaction, rather than confessing to having done something unwise, is to pay the ransom from their own cash and not tell anyone. They are afraid for their job, and meanwhile the malware goes undetected and unreported.

The scale of the problem is therefore very difficult to ascertain. All we know for certain is that it’s big and it was the source of a massive attack at the end of last week. You can be virtually certain there will be more attacks; the response should ideally be twofold. First, educate computer users about reporting attacks and being able to make mistakes. Second, if you’re using an operating system released in 2001 and unsupported by its vendor since 2014, stop it. Now.