What is ransomware and how do I protect my PC from WannaCry?

If you pay the ransom, you may not get your files back

On Friday 12 May and over the weekend, thousands of computers were attacked by malware called WannaCry, also known as WCry, WannaDecryptOr, and WannaCrypt. It's ransomware and stops you from accessing any files on the 'infected' computer until you pay the ransom.

NHS computers were infected in the UK by the attack, along with computers in over 100 other countries including those owned by FedEx.

What is ransomware?

It's a malicious program that's like a computer virus. It's designed to scan your hard drives and encrypt as many files as it can so you can't access them. The files are still there and you have to pay a sum - the ransom - in order to get your files back. This is usually done via Bitcoin, as it's anonymous.Â

Sometimes, manual human intervention is required of the hackers to decrypt your files once you've paid. But since you're dealing with criminals, there's no reason to think they will do what they promise. So most experts recommend you don't pay.

How does WannaCry work?

Like a lot of malware, it can arrive as an email attachment. This method relies on computer users opening the attachment, or clicking on a link in an email, which causes the program to run.

People often open these attachments or click links out of curiosity, because the sender is someone in their address book.

WannaCry then encrypts all the files and documents on the computer so the user cannot open them.

It displays a message saying "Ooops, your files have been encrypted!" and says you have three days to pay a $300 or $600 ransom.

Which versions of Windows are affected?

If your computer runs Windows 10, it wasn't targeted by WannaCry according to Microsoft's blog post.

Also, up-to-date Windows 10 PCs would have been protected from the attack in any case.

The same security update in March would have protected Windows Vista, Windows 7 and Windows 8.1 systems, as long as you had automatic updates turned on (which is the default).

Only older versions of Windows which are no longer supported were vulnerable, including Windows XP and Windows 8.

It's worth noting, though, that in general home users should not be affected by this particular piece of ransomware. It mainly targeted computers running the business version of Windows, specifically those using the SMB network file system.

How can I protect my files from WannaCry?

Microsoft has issued a security patch for Windows XP and Windows 8 - a very unusual step for unsupported operating systems -- which you can download from the links on Microsoft's blog.

If you have Windows Update enabled on other versions then you will already be protected against WannaCry and any other attacks which use the same vulnerability.

If you're not sure, then open the Control Panel (you'll find a link in the Start menu) and search for Windows Update. Click through to Windows Update and you'll be able to check if it's enabled or not.

There should be a button 'Check for updates' which you can click to force Windows to search and install critical updates.

Back up!

Of course, as we always recommend, you should have at least one (if not two) copies of any files you can't afford to lose. Photos, home videos, financial documents and other files that can't be replaced should be backed up regularly.

Ransomware is often clever enough to scan your home network and infect other computers and even network storage drives (NAS drives) so it's really important to make a backup on an external hard drive that you disconnect and keep safely somewhere.

Don't open attachments

You, as the computer user, are often the weak link in the chain. Windows and antivirus software can help to protect you from ransomware attacks, but you can help yourself by being extremely cautious about which email attachments you open and which links you click.

Typically, emails from hackers won't contain a personal message, or it will be so generic that you can't be sure it's really from the person in the 'sender' field.

In WannaCry's case, at least some of the emails pretended to be an important email from a bank about a money transfer.

Either just delete the email, or call the sender and ask them if they sent the email and what is in the attachment, or on the other end of the link. Unless you are absolutely sure the attachment is safe, don't click on it.

Won't antivirus software protect me from WannaCry?

Most but not all antivirus software now contains 'anti-ransomware' that should help protect your PCs and laptops from WannaCry and other ransomware.

That's why it's important not to rely just on Windows' own security but to add an extra layer of protection.

Check out our list of the best antivirus to make sure you're running one of our recommended packages. Our favourite is BitDefender, but there are plenty of other great options to choose from too.

My PC is infected with WannaCry. What should I do?

First, don't pay the ransom. It only encourages the criminals - getting paid is their end game.

Some security experts predict there could be a free 'fix' to decrypt the files in a few days and remove the malware.

There's no guarantee you will get your files back even if you do pay.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about BitDefenderClickFedExMicrosoftNAS

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by By Jim Martin

Latest Videos

More videos

Blog Posts