What is ransomware and how do I protect my PC from WannaCry?
Everything you need to know about ransomware including the WannaCry attack, how to protect your PCs and laptops and what to do if you’re affected.
We explain how ransomware works and how to make sure your files stay safe
On Friday 12 May and over the weekend, thousands of computers were attacked by malware called WannaCry, also known as WCry, WannaDecryptOr and WannaCrypt. It’s ransomware and stops you from accessing any files on the ‘infected’ computer until you pay the ransom. NHS computers were infected in the UK by the attack (but not specifically targeted), along with computers in over 100 other countries including those owned by FedEx, Renault and others.
What is ransomware?
It’s a malicious program that’s like a computer virus.
It’s designed to scan your hard drives and encrypt as many files as it can so you can’t access them. The files are still there and you have to pay a sum – the ransom – in order to get your files back. This is usually done via Bitcoin, as it’s anonymous. Related article: Best antivirus 2017
Sometimes, manual human intervention is required of the hackers to decrypt your files once you’ve paid. But since you’re dealing with criminals, there’s no reason to think they will do what they promise. So most experts recommend you don’t pay.
New wave of malware coming
As we explain below, WannaCry seems to have been halted but the group responsible for leaking the vulnerabilities – Shadow Brokers – has said it will leak more in June.
A Reuters report outlines the blog post from the group which says it is “setting up a monthly data dump” that it will sell to anyone willing to pay. It says that the exploits will enable criminals to code malware that will break into web browsers, phones, routers and Windows 10 systems. Microsoft is preparing a response, but you can use our tips below to help keep your computers and files safe.
How does WannaCry work?
Like a lot of malware, it can arrive as an email attachment.
This method relies on computer users opening the attachment, or clicking on a link in an email, which causes the program to run. People often open these attachments or click links out of curiosity, because the sender is someone in their address book. WannaCry then encrypts all the files and documents on the computer so the user cannot open them.
It displays a message saying “Ooops, your files have been encrypted!” and says you have three days to pay a £300 or £600 ransom.
Which versions of Windows are affected?
If your computer runs Windows 10, it wasn’t targeted by WannaCry according to Microsoft’s blog post. Also, up-to-date Windows 10 PCs would have been protected from the attack in any case. The same security update, released in March, would have protected Windows Vista, Windows 7 and Windows 8.1 systems, as long as you had automatic updates turned on (which is the default).
Only older versions of Windows which are no longer supported were vulnerable, including Windows XP and Windows 8. It’s worth noting, though, that in general home users should not be affected by this particular piece of ransomware. It mainly targeted computers running the business version of Windows, specifically those using the SMB network file system.
How can I protect my files from WannaCry?
You can check if your computer has the necessary patch installed using this free tool which you can download from our German sister site PCWelt (the tool is in English). If you have Windows Update enabled on other versions then you will already be protected against WannaCry and any other attacks which use the same vulnerability. If you’re not sure, then open the Control Panel (you’ll find a link in the Start menu) and search for Windows Update.
Click through to Windows Update and you’ll be able to check if it’s enabled or not. There should be a button ‘Check for updates’ which you can click to force Windows to search and install critical updates. In theory, the threat is over because an “accidental hero” registered the website he found in WannaCry’s code and put up a page which seems to have triggered the malware’s kill switch.
Infections have dropped right off. But this doesn’t mean you sit back and consider you’re safe.
Of course, as we always recommend, you should have at least one (if not two) copies of any files you can’t afford to lose. Photos, home videos, financial documents and other files that can’t be replaced should be backed up regularly.
Ransomware is often clever enough to scan your home network and infect other computers and even network storage drives (NAS drives) so it’s really important to make a backup on an external hard drive that you disconnect and keep safely somewhere. You can find our pick of the best backup software here.
Don’t open attachments
You, as the computer user, are often the weak link in the chain. Windows and antivirus software – see below – can help to protect you from ransomware attacks, but you can help yourself by being extremely cautious about which email attachments you open and which links you click.
Typically, emails from hackers won’t contain a personal message, or it will be so generic that you can’t be sure it’s really from the person in the ‘sender’ field. In WannaCry’s case, at least some of the emails pretended to be an important email from a bank about a money transfer. Either just delete the email, or call the sender and ask them if they sent the email and what is in the attachment, or on the other end of the link.
Unless you are absolutely sure the attachment is safe, don’t click on it.
Won’t antivirus software protect me from WannaCry?
Most but not all antivirus software now contains ‘anti-ransomware’ that should help protect your PCs and laptops from WannaCry and other ransomware. That’s why it’s important not to rely just on Windows’ own security but to add an extra layer of protection. Check out our list of the best antivirus to make sure you’re running one of our recommended packages.
My PC is infected with WannaCry. What should I do?
First, don’t pay the ransom. It only encourages the criminals – getting paid is their end game.
Some security experts predict there could be a free ‘fix’ to decrypt the files in a few days and remove the malware.
There’s no guarantee you will get your files back even if you do pay.
- ^ see more by Jim Martin (www.pcadvisor.co.uk)
- ^ ransomware (www.pcadvisor.co.uk)
- ^ Bitcoin, (www.pcadvisor.co.uk)
- ^ Best antivirus 2017 (www.pcadvisor.co.uk)
- ^ Reuters report (www.reuters.com)
- ^ Windows 10 (www.pcadvisor.co.uk)
- ^ download from the links on Microsoft’s blog (blogs.technet.microsoft.com)
- ^ download from our German sister site PCWelt (www.pcwelt.de)
- ^ best backup software (www.pcadvisor.co.uk)
- ^ best antivirus (www.pcadvisor.co.uk)
- ^ BitDefender (bitdefender.evyy.net)