Unless you’ve taken the wise step of throwing all electronics in a dumpster and moving to a desert island, you’ve probably heard about WannaCry by now. A bad form of computer virus known as ransomware, it infects computers, encrypts all your files, and then demands you pay a ransom. Don’t pay up, and all your files are lost forever.
With any luck, you’re never going to be faced with the attack. But given that WannaCry infected 200,000 computers before it was stopped, and other, similar viruses are already starting to spread, it’s a good idea to familiarize yourself with what it looks like.
Malware researcher danooct1 took one for the team and installed WannaCry on a virtual machine, so we can all see what the malware looks like. Unlike some other viruses, there’s no incubation period or warning signs: seconds after running the infected file, your PC starts being taken over.
The background of your PC gets turned to “Oops, your important files have been encrypted,” and a pop-up appears in the bottom-right of the screen with a handy FAQ. A text document also appears with information about what has happened, the Bitcoin wallet that you should send payment to, and how to make decryption work.
The main element of the ransomware, though, is a window with a bunch of information about what has happened, links about Bitcoin, and the mechanism for making payment. The confirmation message for payment is anonymously routed through the Tor network, so that no one has any idea who is behind the attack.
For almost everyone, WannaCry looks identical to all other ransomware. It’s a standard formula that’s been floating around for a while. What makes WannaCry so dangerous is how it uses a Windows vulnerability to spread. Once one computer is infected, it starts spreading to other devices on the same network using the vulnerability, rather than relying entirely on users to click on an infected email attachment or dodgy link.
Keeping yourself protected from WannaCry is relatively simple. First, don’t click on any dubious links or open email attachments unless you’re certain of where they came from. More importantly, ensure that you’ve installed all the relevant security patches for your version of Windows. You can type “Windows Update” into the Start menu, open Windows Update, and check your update status there. Microsoft issued a patch for this vulnerability back in March, but people are unfortunately slow to update.
To protect against ransomware in general, the best thing to do is to keep a backup of all your important files on a system separate from your main computer. An external hard drive that stays plugged into your main PC is vulnerable: consider using a cloud-based system, or keep your external drive physically unplugged, except when you’re using it.