One of the biggest-ever ransomware attacks continues to take computers hostage.
Friday’s attack largely hit businesses and large organizations: U.K. hospitals, a Spanish telecom, FedEx, the Russian Interior Ministry, and more. And it’s expected to cause more problems on Monday. Researchers recorded infections in tens of thousands of machines, and Europol estimated Sunday that the attack had spread to about 150 countries.
Ransomware is a type of malicious software that takes over a computer and locks the user out, preventing them from accessing any files until they pay money. This particular program, called WannaCry, asks for about $300, though the price increases over time.
Experts are advising infected users not to pay the ransom, because it is unlikely they will get their files back.
Businesses and large organizations are the ones mostly at risk from this attack, because it relies on a flaw in a Windows protocol that many businesses use to share files.
WannaCry takes advantage of a vulnerability discovered by the NSA and made public by hackers in April. Microsoft released a patch for the vulnerability in March. But computers and networks that didn’t update their systems are still at risk.
On Friday, a security researcher inadvertently created a “kill switch” to help stop the spread of this ransomware. However, a hacker could rewrite the code to omit the kill switch and start trying to infect new machines with a new version of it.
Businesses sometimes take longer to install critical updates and patches, often to avoid impacting any older software they are running. In a surprise move over the weekend, Microsoft released a patch for versions of Windows it no longer supports — because many businesses and organizations use legacy technology as critical infrastructure.
Matthew Hickey, cofounder of security firm My Hacker House, created a virtual inoculation for companies to use to prevent ransomware while they work on patching. The tool is called WCRYSLAP and is available online.
“It gives you a little piece of the virus so that when your machine gets infected, the virus sees you already have an infection and quits. It stops the damage being caused,” Hickey told CNNTech.
The tool doesn’t stop the worm from spreading, but it prevents files from getting encrypted. Businesses need to patch to be completely protected, but Hickey’s solution works for organizations that might need more time to upgrade.
Though the worm is primarily affecting businesses, individuals with PCs running Windows should still take a few precautions.
First, install any software updates immediately and make it a regular habit. Turn on auto-updaters where available (Microsoft offers that option). Microsoft also recommends running its free anti-virus software for Windows.
If you don’t already have a backup routine, start now: Regularly save copies of all your files. That way, if your machine gets infected and your photos and documents are encrypted, you don’t need to worry about losing them.
Finally, always stay alert. Don’t click on links that you don’t recognize, and don’t download files from people you don’t know personally.
The cyberattack highlights how critical infrastructure and major organizations can be harmed by outdated software and technology. So even if your own machine is clean, basic services that impact your life could still be at risk.
Heather Kelly contributed reporting.