MENU
Computer screen with html-code
Ransomware

WannaCry: What you need to know about the cyber-attack

15 May 2017

The cyber-attack with the ransomware known as "WannaCry" has since 12 May been infecting computers throughout the world with a crypto-trojan which encrypts and then locks the data of the affected computers. Estimates of the total number of victims run to over 220,000 in some 150 countries. Europol, the law enforcement agency of the European Union, has been talking in terms of an “unprecedented” attack that requires international investigation. In Germany, the Federal Criminal Police Office has already started its investigations. #explore answers the most pressing questions:

What does “WannaCry” mean?

“WannaCry” is the most common name for the recent cyber-attack using a malicious ransomware program. Other names include WanaCrypt0r, WANA Decrypt0r 2.0, WCrypt, WCRY and WannaCrypt. The term WannaCry involves a play on words on “cry” and “decrypt”.

What has happened since 12 May?

Computers across the globe have been infected with malicious software – since then, extortionists have been demanding that those affected pay a ransom in the digital currency Bitcoin. To date, roughly 130 victims out of an estimated total of 220,000 have paid out ransom money to the tune of about 30,000 euros. "WannaCry" has thus caused enormous global damage without so far paying off in pecuniary terms for the attackers.

What is ransomware?

With a malicious ransomware program, hackers and cyber-criminals extort money from their victims by encrypting and locking private data on third-party computers. The attackers demand a ransom for the release of the data. There are many other names and spellings for ransomware: extortion trojans, encryption trojans, crypto trojans and also cryptotrojans.

Who is affected?

Computers around the world with the Microsoft Windows operating system have been affected by the “WannaCry” ransomware. As things currently stand, Russia, Taiwan and Ukraine have been among the main targets. Exactly how much damage the extortion software has caused in those places is not yet known. The Russian Interior Ministry has at least confirmed the attack. The impact of the attack was particularly dramatic in the UK: Many hospitals have been affected — important medical data were encrypted and locked by the hackers. According to press reports, many patients could not be treated and even had to be sent home. In Germany, the computers of the national railway company Deutsche Bahn were affected, and timetable boards and ticket machines went haywire.

Should you pay the ransom if you’re affected?

The police have appealed to those affected not to make any payments to the extortionists. First of all, there is no information to indicate whether the victims have actually been sent a key in return for the payment with which they can unlock their data. Experts assume that the data will not be recoverable from infected systems unless they have previously been backed up. Furthermore, it is unclear who is behind the attacks.

How can you protect yourself now?

The software patch released by Microsoft on 14 March stops the proliferation of the extortion program. The security update fixes the vulnerability and resolves the issues. There is an even an update for the Windows XP operating system, support for which was terminated by Microsoft some three years ago. Microsoft users should therefore immediately install the latest security updates. The current vulnerability has been known about for months, and the corresponding security updates are available. Experts strongly advise users to apply them.

THREE QUESTIONS TO ...

Dirk Kretzschmar, TÜViT, talks in ZDF heute (a german newscast) about the hacker attacks on 27th June 2017.

 

What can we learn from the attack?

Thanks to the current ransomware attack, an enormous security vulnerability has now come to general public attention. Obsolete operating systems for which there have been no security updates for years are still in use in very large numbers.

Why?

The reasons for this are entirely understandable. It is often the case that essential and specially developed programs are not available with more recent operating systems. Operating systems like Windows XP are therefore still in use in production processes and administration. This is fine as long as these computers work in isolation, have no connection to the Internet or use Cloud services. In other words, as long as they’re used in an environment that’s completely protected from the “outside”. If, however, these obsolete operating systems are used in an environment that is accessible from the outside – and this question becomes particularly pertinent in the light of increasing digitalisation – these computers then become an active risk, which is something the operator needs to know.

How can you protect yourself?

If you aren’t sure, you urgently need to have your systems and infrastructure checked, which, with its vulnerabilities analysis and the introduction of information security management systems, is exactly the service offered by TÜViT.