
WannaCry ransomware: Everything you need to know

One of the largest cyberattacks ever is currently eating the web, hitting PCs in countries and businesses around the world.

Ian Sherr Contributor and Former Editor at Large / News

You've heard the phrase "the road to Hell is paved with good intentions," right?

Well, a vulnerability first uncovered by the National Security Agency and then released by hackers on the internet is now being used in one of the most prolific cyberattacks ever around the globe.

It's called WannaCry, and it's brought computer systems from Russia to China to the UK and the US to their knees, locking people out of their data and demanding they pay a ransom or lose everything. So far, more than 200,000 computers in 150 countries have been affected, with victims including hospitals, banks, telecommunications companies and warehouses.

Here's everything you could want to know about WannaCry.

What is WannaCry?

It's the name for a prolific hacking attack of a type known as "ransomware," which holds your computer hostage until you pay a ransom.

The way it works is that once it infects a computer, it encrypts -- or basically scrambles -- all the data. Then the program puts up a screen demanding you pay money to get access back. Typically the price increases over time until the end of a countdown, when the files are destroyed.

We first heard about WannaCry last week from the UK's health service, which appeared to be one of the first major computer systems affected by the hack. It's also called WannaCrypt.

You can follow who's affected by watching this live tracking map created by MalwareTech.

Why do hackers do this?

The same reason you get telemarketing calls and junk email: It's effective.

Security company Symantec says that ransomware attacks alone jumped by more than one-third to over 483,800 incidents in 2016. And that's just the ones they tracked.

How do I protect my machine?

If you're running a Windows-powered PC, make sure all your software is up to date. In addition, as always, do not open suspicious emails, click on links you don't know or open any files you weren't expecting.

What do I do if my computer is infected?

So far, there doesn't appear to be a proven way to fix WannaCry. Cybersecurity researchers claim to have a method to stop it, but we at CNET have not been able to verify it.

Shortly after WannaCry began to spread, a security researcher accidentally found a kill switch that appeared to stop WannaCry in its tracks. But hackers have since made a fix, and this time there doesn't appear to be any way to stop it. It also has a new name, Uiwix, according to researchers at Heimdal Security.

Another diabolical twist is that if the ransom isn't paid in 72 hours, the price could double. And after a few days, the files are permanently locked.

Great, so I have to pay these monsters to get my computer back?

While there is no clear fix for WannaCry, experts highly recommend you not pay to get your data back.

While it may be tempting to fork over the $300 ransom to make the problem go away, the FBI, Department of Justice and many tech firms suggest you don't. One reason is that you're basically giving money to criminals, who may demand even more money or potentially re-target you in the future since you've indicated you're willing to pay them in the first place.

What is this bitcoin stuff the hackers want us to pay with?

Hackers typically demand payment via bitcoin, an untraceable digital currency often used on shadowy parts of the internet. While it's hard to trace, the amount of money that's been sent to the criminals is public information.

OK, so if I don't pay, what can I do if I'm infected?

Many experts say wiping your machine and restoring from backups is a better way to go. If you don't have regular backups of your data, I'm sorry to say you're in a real bind.

Who created WannaCry?

The hack appears to have originally been discovered by the NSA, which allegedly kept it on file as a potential tool to use for surveillance or other issues.

We found out about it because a group of hackers, known as Shadow Brokers, in April released a cache of stolen NSA documents on the internet, including details about the WannaCry vulnerability.

Does WannaCry affect my Mac, iPhone or Android?

No. It appears to only affect computers powered by Microsoft Windows. Microsoft released a software update in March that protects against this vulnerability, but we've since learned that many people didn't update their computers.

Microsoft took the unusual step on Friday of releasing another update for older computers running Windows XP (first released in 2001), Vista (2006), Windows 7 (2009) and Windows 8 (2012), protecting them as well.

Microsoft, by the way, isn't happy about this attack, and has slammed spy agencies for stockpiling vulnerabilities instead of reporting them to computer companies to be fixed.

Who's most vulnerable?

Windows-powered PCs that aren't running updated software that protects from this vulnerability are the most at risk. WannaCry appears to travel across corporate networks, spreading quickly through file-sharing systems.

The diabolical part of that is that corporate computers are typically controlled by IT departments that choose when to send updates to computers. So if one computer is vulnerable, it's likely all the computers on a corporate network are too, making it easy for WannaCry to have a large impact.

How does WannaCry spread?

It appears networks of computers, like schools, companies, hospitals and businesses, are particularly vulnerable. That's because security researchers say the ransomware is spread through standard file sharing technology used by PCs called Microsoft Windows Server Message Block, or "SMB" for short.

It also appears able to spread to other computers outside corporate networks. Researchers have already found variants of the attack, so there isn't just one way it works.

What do I do if I'm not hit but worried I might be?

If you have backups, now would be a good time to update them. If you don't, I suggest you start.

Also make sure to check your software updates and talk to your IT managers.

This story was originally published at 10:07 a.m. PT on May 15.
Updated at 9:31 a.m. PT on May 16: To include additional information on the amount of ransom paid.
Updated at 3:20 p.m. PT on May 18: To include additional information about how to respond to attacks.
Updated at 12:30 p.m. PT on May 19: To include additional information about efforts to fight WannaCry.
