WannaCry: What you need to know about the cyber-attack

15 May 2017

The cyber-attack with the ransomware known as "WannaCry" has since 12 May been infecting computers throughout the world with a crypto-trojan which encrypts and then locks the data of the affected computers. Estimates of the total number of victims run to over 220,000 in some 150 countries. Europol, the law enforcement agency of the European Union, has been talking in terms of an “unprecedented” attack that requires international investigation. In Germany, the Federal Criminal Police Office has already started its investigations. #explore answers the most pressing questions:

“WannaCry” is the most common name for the recent cyber-attack using a malicious ransomware program. Other names include WanaCrypt0r, WANA Decrypt0r 2.0, WCrypt, WCRY and WannaCrypt. The term WannaCry involves a play on words on “cry” and “decrypt”.

Computers across the globe have been infected with malicious software – since then, extortionists have been demanding that those affected pay a ransom in the digital currency Bitcoin. To date, roughly 130 victims out of an estimated total of 220,000 have paid out ransom money to the tune of about 30,000 euros. "WannaCry" has thus caused enormous global damage without so far paying off in pecuniary terms for the attackers.

With a malicious ransomware program, hackers and cyber-criminals extort money from their victims by encrypting and locking private data on third-party computers. The attackers demand a ransom for the release of the data. There are many other names and spellings for ransomware: extortion trojans, encryption trojans, crypto trojans and also cryptotrojans.

Computers around the world with the Microsoft Windows operating system have been affected by the “WannaCry” ransomware. As things currently stand, Russia, Taiwan and Ukraine have been among the main targets. Exactly how much damage the extortion software has caused in those places is not yet known. The Russian Interior Ministry has at least confirmed the attack. The impact of the attack was particularly dramatic in the UK: Many hospitals have been affected — important medical data were encrypted and locked by the hackers. According to press reports, many patients could not be treated and even had to be sent home. In Germany, the computers of the national railway company Deutsche Bahn were affected, and timetable boards and ticket machines went haywire.

The police have appealed to those affected not to make any payments to the extortionists. First of all, there is no information to indicate whether the victims have actually been sent a key in return for the payment with which they can unlock their data. Experts assume that the data will not be recoverable from infected systems unless they have previously been backed up. Furthermore, it is unclear who is behind the attacks.

The software patch released by Microsoft on 14 March stops the proliferation of the extortion program. The security update fixes the vulnerability and resolves the issues. There is an even an update for the Windows XP operating system, support for which was terminated by Microsoft some three years ago. Microsoft users should therefore immediately install the latest security updates. The current vulnerability has been known about for months, and the corresponding security updates are available. Experts strongly advise users to apply them.