The malware, or malicious software, attack on global computer systems, most notably the NHS here in the Uk, has been making headlines since its discovery on Friday, May 12.
Users infected with the malicious software will typically find that important files on their computer have been encrypted, meaning that they are unable to access them. This type of malware is called “ransomware”, as infected users will receive a message saying that their files will only be unencrypted if they pay a ransom demand. The ransom demands are usually for relatively small sums of money, to increase the likelihood of users paying up. What is unusual about the “Wannacry malware” is that instead of spreading by relying on users clicking on links, or opening attachments in emails, the Wannacry is self-propagating, meaning it’s able to spread across a network itself without human intervention.
Dr Natalie Coull, lecturer in Ethical Hacking at Abertay University, Dundee, said: “This scale of self-propagating malware hasn’t really been seen since the early noughties. The criminals behind the Wannacry malware were probably unprepared for how quickly their software would spread and it is unlikely that they will be able to follow up with any ransom payments due to the sheer volume that they’ll be receiving.”
The general advice to any infected users is not to respond to the demands. An increasing number of organised gangs are turning to malware as a way of making money, so sadly ransomware attacks are increasing.
Dr Coull continued: “The media response to the Wannacry malware and speedy response from the IT community means the likelihood of further attacks from this particular malware strain are reduced.
“However, there are a huge number of machines connected to the internet with vulnerabilities, and it is only a matter of time before they are the focus of a different attack. Hopefully, lessons will be learned from the Wannacry attack about the importance of investing in secure systems and ensuring that a back-up policy is in place to limit system down-time.”
Most organisations will have good back-up procedures in place, which means any encrypted files should be recoverable, although it may take a few days for this to roll out. Unfortunately, some organisations may not be able to recover the data from their back-ups, which means any encrypted files may be lost forever. Also, some of the infected machines may not be part of an organisation’s back-up policy, especially where embedded systems have been used.
Dr Coull concluded: “The best way to avoid an infection like this in the future is to ensure that all updates have been applied in a timely manner and that critical systems have good back-ups in place.”