One of the largest cyberattacks ever is currently eating the web, hitting PCs in countries and businesses around the world.
Ian SherrFormer Editor at Large / News
Ian Sherr (he/him/his) grew up in the San Francisco Bay Area, so he's always had a connection to the tech world. At CNET, he wrote about Apple, Microsoft, VR, video games and internet troubles. Aside from writing, he tinkers with tech at home, is a longtime fencer -- the kind with swords -- and began woodworking during the pandemic.
Watch this: Why the WannaCry cyberattack is so bad, and so avoidable
You've heard the phrase "the road to Hell is paved with good intentions," right?
Well, a vulnerability first uncovered by the
National Security Agency
and then released by hackers on the internet is now being used in one of the most prolific cyberattacks ever around the globe.
It's called WannaCry, and it's brought computer systems from Russia to China to the UK and the US to their knees, locking people out of their data and demanding they pay a ransom or lose everything. So far, more than 200,000 computers in 150 countries have been affected, with victims including hospitals, banks, telecommunications companies and warehouses.
Here's everything you could want to know about WannaCry.
What is WannaCry?
It's the name for a prolific
attack known as "ransomware," that holds your computer hostage until you pay a ransom.
Ransomware: An executive guide to one of the biggest menaces on the web (ZDNet)
The way it works is that once it infects a computer, it encrypts -- or basically scrambles -- all the data. Then the program puts up a screen demanding you pay money to get access back. Typically the price increases over time until the end of a countdown, when the files are destroyed.
The same reason you get telemarketing calls and junk email: It's effective.
Security company Symantec says that ransomware attacks alone jumped by more than one-third to over 483,800 incidents in 2016. And that's just the ones they tracked.
How do I protect my machine?
If you're running a Windows-powered PC, make sure all your software is up to date. In addition, as always, do not open suspicious emails, click on links you don't know or open any files you weren't expecting.
What do I do if my computer is infected?
So far, there doesn't appear to be a proven way to fix WannaCry. Cybersecurity researchers claim to have a method to stop it, but we at CNET have not been able to verify it.
Another diabolical twist is if the ransom isn't paid in 72 hours, the price could double. And after a few days, the files are permanently locked.
Great, so I have to pay these monsters to get my computer back?
While there is no clear fix for WannaCry, experts highly recommend you not pay to get your data back.
While it may be tempting to fork over the $300 ransom to make the problem go away the FBI, Department of Justice and many tech firms suggest you don't. One reason is that you're basically giving money to criminals, who may demand even more money or potentially re-target you in the future since you've indicated you're willing to pay them in the first place.
What is this bitcoin stuff the hackers want us to pay with?
We found out about it because a group of hackers, known as Shadow Brokers, in April released a cache of stolen NSA documents on the internet, including details about the WannaCry vulnerability.
Does WannaCry affect my Mac, iPhone or Android?
No. It appears to only affect computers powered by
Windows. Microsoft released a software update in March that protects against this vulnerability, but we've since learned that many people didn't update their computers.
Microsoft took the unusual step on Friday to release another update for older computers running Windows XP (first released in 2001), Vista (2006) and
(2009) and Windows 8 (2012), protecting them as well.
Windows-powered PCs that aren't running updated software that protect from this vulnerability are the most at risk. WannaCry appears to travel across corporate networks, spreading quickly through file-sharing systems.
The diabolical part of that is corporate computers are typically controlled by IT departments that choose when to send updates to computers. So if one computer is vulnerable, it's likely all the computers on a corporate network are too, making it easy for WannaCry to have a large impact.
How does WannaCry spread?
It appears networks of computers, like schools, companies, hospitals and businesses, are particularly vulnerable. That's because security researchers say the ransomware is spread through standard file sharing technology used by PCs called Microsoft Windows Server Message Block, or "SMB" for short.
It also appears able to spread to other computers outside corporate networks. Researchers have already found variants of the attack, so there isn't just one way it works.
What do I do if I'm not hit but worried I might be?
If you have backups, now would be a good time to update them. If you don't, I suggest you start.
Also make sure to check your software updates and talk to your IT managers.
This story was originally published at 10:07 a.m. PT on May 15. Updated at 9:31 a.m. PT on May 16:To include additional information on the amount of ransom paid. Updated at 3:20 p.m. PT on May 18:To include additional information about how to respond to attacks. Updated at 12:30 p.m. PT on May 19:To include additional information about efforts to fight WannaCry.
Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.
Batteries Not Included: The CNET team reminds us why tech is cool.: The CNET team reminds us why tech is cool.