The WannaCry ransomware attack that hit nations around the world over the weekend may just be warming up, according to security experts.
The attack the world couldn’t ignore
More than 29,000 Chinese institutions such as universities, railway stations, hospitals and gas stations were victims of the hack.
Japanese media reports some 600 companies were targeted in the criminal effort, including Nissan and Hitachi.
In England, the U.K.’s National Health Service said 16 of its hospitals and clinics had to cancel appointments and divert ambulances because of the virulent malware.
Closer to home, FedEx says it got caught up in the cyberattack. The logistics giant reported “experiencing interference with some of our Windows-based systems caused by malware.”
Now we’re dealing with the fallout of the attack and bracing for more impact. NBC News is already reporting that two new variants of the malware have been identified.
Rob Wainwright, director of the European investigative agency Europol, cautions that we may just be getting started with this attack.
“I am worried about how the numbers will continue to grow when people go to work [on Monday] and turn [on] their machines,” he told NBC News’ U.K. partner ITV on Sunday.
Listen: Clark discusses the ransomware attack on the Clark Howard Show Podcast
So what exactly happened?
In this particular case, the ransomware was equipped with an encryption package that automatically downloaded to infected computers.
Once on a computer, it would lock up important files and wouldn’t let them go until the victim paid between $300 to $600 for a digital key to unlock them.
Meanwhile, the bad code would “worm” its way around by scanning other computers on the same network and infiltrating them. So by just one computer on a network getting the infection, an entire network could be crippled by crooks!
The attack targeted outdated software like Windows XP or Windows Server 2003 on Microsoft systems.
What kinds of files were held hostage?
According to security research firm Kaspersky Lab, Wannacry targeted the following types of extensions:
- Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi)
- Less common and nation-specific office formats (.sxw, .odt, .hwp)
- Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)
- Emails and email databases (.eml, .msg, .ost, .pst, .edb)
- Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd)
- Developers’ sourcecode and project files (.php, .java, .cpp, .pas, .asm)
- Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes)
- Graphic designers, artists and photographers files (.vsd, .odg, .raw, .nef, .svg, .psd)
- Virtual machine files (.vmx, .vmdk, .vdi)
Who was behind the attack?
While no one is quite sure, early indications suggest that a hacker group called the Shadow Brokers executed it using code stolen from the U.S. National Security Agency.
What should you do if you’re infected?
If someone is holding your computer hostage for money, never pay the ransom.
First, there’s no way to tell the scammers will unlock it. Second, there’s no way to guaranteed that they won’t load additional viruses on your computer. Third, you’re rewarding bad behavior if you pay them!
Failing that, you may need to contact a professional to clean your computer if you’re infected. Even if you’re able to unfreeze your computer yourself without paying the ransom, elements of the virus could remain behind.
Here’s how to protect yourself going forward
For starters, you should always back up your data in the cloud so you can abandon a computer if it gets hijacked. There are a lot of free options out there for cloud storage space.
Meanwhile, here are a few other basic things you can do to protect yourself going forward:
- For basic protection, use anti-virus and anti-malware software and keep it up to date. See our Virus, Spyware and Malware Protection Guide for links to free options.
- Keep your browsers, applications and plug-ins up-to-date with the latest security patches and updates. Be sure to do this at home on your own secure connection.
- When using Wi-Fi at a hotel or other public hotspot, make sure you are using the real Wi-Fi connection. Some scammers try to lure people to a fake Wi-Fi connection that can steal your info.
- When using public Wi-Fi of any kind, don’t access your financial institutions or do any kind of bank transaction — do that at home only!
- Don’t forget about the basic rules: Never click on links inside emails or open attachments from unknown parties that you weren’t expecting.
Read more: Top 10 scams coming after your money!