It started with U.K. hospitals and has since spread to over 14 countries – the WannaCry ransomware was holding millions of files hostage unless companies or governments pay up.
Security experts say the attack that holds computer data for ransom grew out of vulnerabilities purportedly identified by the National Security Agency (NSA).
READ MORE: Beginner’s guide to protecting your information online
The vulnerability (specifically a SMBv2 remote code execution in Microsoft Windows) was exposed by The ShadowBrokers, a mysterious group that has repeatedly published alleged NSA software code.
Over 45,000 attacks in 70 countries were recorded by Russian security firm Kaspersky — with the most attacks occurring in Russia.
Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called it “the biggest ransomware outbreak in history.”
Attacks detected in Canada
In a map provided by Kapersky, Canada appears to be affected, though no company has reported any attacks yet.
Another map provided by Malware Intel also shows attacks in Quebec and Ontario.
Along with the U.K. hospitals, the Russian Interior Ministry is among the victims. A spokesperson said over 1,000 computers were affected in the attack.
Closer to home, FedEx confirmed to Forbes that the U.S. company was a victim of the attack.
There is a fix for the vulnerability — but since many people or companies don’t regularly install updates, or use older versions of Windows, they remain susceptible to the attack.
WATCH: UK PM May says no evidence patient data compromised in ‘ransomware’ attack
How does it work?
WannaCry is a form of “ransomware” that locks up the files on your computer and encrypts them in a way that you cannot access them anymore. Usually your files are held until money is paid to the hackers.
How does it spread?
Ransomware is a program that gets into your computer, either by clicking on or downloading the wrong thing, and then it holds something you need to ransom.
In the case of WannaCry, the program encrypts your files and demands payment in bitcoin in order to regain access.
READ MORE: Dozens of Canadian firms have paid ransoms to regain control of data, study finds
Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.
There are different variants of what happens: Other forms of ransomware execute programs that can lock your computer entirely, only showing a message to make payment in order to log in again. There are some that create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.
How to protect yourself
Ransomware attacks were on the rise in 2016, and Canada was fourth on the list of countries most commonly hit by ransomware and social media scams in 2015, according to security firm Symantec.
READ MORE: Ransomware on the rise in Canada: How to protect your data
The best way to protect yourself from any sort of ransomware is to maintain up-to-date anti-virus or anti-malware software and ensure you are backing up your computer regularly to prevent losing any of your important files.
Since ransomware can be spread by emails, users should be wary of any unsolicited emails or emails from addresses they may not know.
A good way to know if the link provided in an email is legitimate is to check the URL by hovering your mouse over the link — if the email appears to be from a business (say, UPS, for example) and the URL is not the company’s official web address, then it’s likely a fraudulent email.
— With files from Nicole Bogart, Reuters and the Associated Press
Comments