Complete information about WannaCry, a ransomware program

By now there's a good chance that you've already heard something about the WannaCry ransomware, and are wondering what's going on, and whether your computer is secure. CERT-In India has issued a red alert about WannaCry, or WannaCrypt, in an advisory.
But what is WannaCry ransomware? Is it a virus, and do you need a patch? Here's everything that you need to know about the cyber-attacks, in one simple list.


The malware spreads as a worm — scanning other computers linked to any machine or system it infects for the same defect and leaping onto them — through a vulnerability in Microsoft systems, particularly on outdated software like Windows XP or Windows Server 2003. 

The malware includes an encryption package that automatically downloads itself to infected computers, locking up nearly all of the machines' files and demanding payment of $300 to $600 for a key to unlock them. 

All it takes is for one computer on a network to be infected for all of the computers on that network to be compromised. 

While Microsoft had stopped supporting older versions of Windows, it said it is pushing out special automatic updates to those systems to block the worm.


Unfortunately, those so-called legacy systems are disproportionately used by smaller companies with small technology staffs, which are unlikely to have blocked the infection before Microsoft's patch began rolling out, the cybersecurity firm Proofpoint Inc. said.

Even then, Microsoft's updates can be loaded only if a computer is powered back on — something that won't happen for the first time at potentially thousands of companies until Monday.

  1. WannaCry is a ransomware program targeting Microsoft's Windows operating system. Ransomware is a kind of cyber-attack where hackers can take control of your computer, and keep you from using it or accessing your data until you make a payment to the hackers. If you don't, they can even delete everything.
  2. On Friday, a large-scale cyber-attack was launched, affecting computers in 150 countries, and in less than a day, researchers observed 57,000 infections.
  3. The hackers demanded payments of $300 to $600 (roughly Rs. 19,000 and Rs. 38,000) which were to be paid using Bitcoins. The British NHS, international shipper FedEx, telecommunications company Telefonica and others were among the targets.
  4. In India, computers at Andhra Pradesh's police departments were hacked. Computers in 18 police units in Chittoor, Krishna, Guntur, Visakhapatnam and Srikakulam districts were affected.
  5. R Jaya Lakshmi, Superintendent of Police, Tirupati Urban, said the 'ransomware' encrypted data in some police stations, adding that they were not able to access data and hackers were demanding ransom in Bitcoins to restore access.
  6. India's digital security agency, CERT-In, has issued a red alert and advised users and organizations to apply patches to Windows. It added that WannaCry was targeting common file extensions such as PPT, DOC, and TIFF, along with media files such as MP4 and MKV. CERT-In is also holding a webcast on Monday at 11am on preventing the WannaCry ransomware threat.
  7. According to a report, enterprises in Mumbai, Hyderabad, Bengaluru, and Chennai have been affected. Two South Indian banks are also reportedly affected, and possibly also Renault in Chennai, the report noted.
  8. The IT ministry has also reached out to agencies such as the RBI, the NPCI, and UIDAI, to warn them about the risks associated with WannaCry, and help to secure their systems, in order to make sure that digital payments in India are not affected, reported PTI.
  9. The ministry has also reached out to ISPs, alerting them to secure their networks, and it has also reached out to Microsoft India to inform all its partners and customers to apply the relevant patches. "The impact has been somewhat contained in India because of the weekend. However, one will have to watch the situation as people return to work tomorrow and access their computers," Kaspersky Lab Head for South Asia Region Altaf Halde told PTI.
  10. China's official news agency Xinhua said secondary schools and universities were hit, but did not say how many or identify them. William Saito, cyber security adviser to the Japanese cabinet and trade ministry, said some of the country's institutions were affected but declined to elaborate. Two hospitals in Jakarta were hit, according to Semuel Pangerapan, a director general at Indonesia's Communication and Information Ministry. South Korea's Yonhap news agency said one of Seoul's university hospitals had been affected.
  11. The hackers likely made WannaCry using a piece of NSA code released last month by a hacking group known as the Shadow Brokers, according to security researchers. The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency.
  12. The attack has crippled more than 200,000 computers, and struck banks, hospitals, and government agencies. All this took place over the weekend - the number of affected users is expected to grow now that the work week has begun, and people start logging into their devices.
  13. Brad Smith, Microsoft's president and chief legal officer, said in a blog post Sunday that it was in fact the NSA that developed the code being used in the attack. He warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers - not sell, store or exploit them, lest they fall into the wrong hands.
  14. Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.
  15. Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday. 

What to do if you're infected

You'll immediately know whether you're infected — you'll be greeted by a popup screen saying "Ooops, your important files are encrypted." 

And by "important," they're talking about your most commonly used files — including .mp3 audios and .mp4 and .avi videos; .png and .jpg images; and .doc and .txt documents. The worm also targets any backup files you may have made, so you can't even restore older, safe versions.


The encrypted files will have the extension .WCRY added to their names. The international security firm Kaspersky has a complete list here
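To scope the damage on a machine, a file inventory can be checked for the .WCRY extension described above. This is an added example, not code from the original article or from any vendor tool; the extension set contains only the file types this article names, and the sample paths are constructed.

```python
from collections import Counter
from pathlib import PureWindowsPath

MARKER = ".wcry"  # extension the article says is appended to encrypted files
# Only the file types this article names; the real target list is longer.
TARGETED = {".ppt", ".doc", ".tiff", ".mp4", ".mkv", ".mp3",
            ".avi", ".png", ".jpg", ".txt"}

def triage(paths):
    """Summarise a Windows file inventory for signs of WannaCry encryption."""
    present = {p.lower() for p in paths}  # Windows paths are case-insensitive
    by_type, by_dir = Counter(), Counter()
    encrypted, plaintext_survives, at_risk = [], [], []
    for raw in paths:
        p = PureWindowsPath(raw)
        ext = p.suffix.lower()
        if ext == MARKER:
            original = p.with_suffix("")  # drop only the appended marker
            encrypted.append(raw)
            by_type[original.suffix.lower() or "(none)"] += 1
            by_dir[str(p.parent)] += 1
            # An unencrypted copy beside the .WCRY file may still be usable.
            if str(original).lower() in present:
                plaintext_survives.append(str(original))
        elif ext in TARGETED:
            at_risk.append(raw)  # named target type, not encrypted so far
    return {"encrypted": encrypted, "by_type": by_type, "by_dir": by_dir,
            "plaintext_survives": plaintext_survives, "at_risk": at_risk}

# Constructed sample inventory (hypothetical user and paths).
SAMPLE = [
    r"C:\Users\asha\Documents\budget.doc.WCRY",
    r"C:\Users\asha\Documents\slides.ppt.WCRY",
    r"C:\Users\asha\Documents\slides.ppt",
    r"C:\Users\asha\Pictures\scan.TIFF",
    r"C:\Users\asha\Music\song.mp3.wcry",
    r"C:\Windows\notepad.exe",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(len(report["encrypted"]), "encrypted files")
    print("by original type:", dict(report["by_type"]))
    print("by folder:", dict(report["by_dir"]))
    print("plaintext copies still present:", report["plaintext_survives"])
    print("targeted types not yet encrypted:", report["at_risk"])
```

Feed it a listing taken from a disk image or a read-only mount rather than the live infected system, so the inventory does not change while it is being assessed.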

Analysts said you should not click the "check payment" or "decrypt" buttons in the popup message. Instead — if you're able to — download and install Microsoft patch MS17-010, available here, which should work on Windows systems going all the way back to Vista.
Via NDTV, NBCnews 
