Understanding the WannaCry Ransomware
Let's begin by saying that the Wana Decryptor (a.k.a. WannaCry) ransomware worm that you keep hearing about primarily impacts outdated and unsupported versions of Microsoft's Windows operating system. If you're using Windows 10 and you are all caught up with critical security updates, then you're safe at this time. Questions likely remain in your mind, however, so let's walk through the various issues related to WannaCry step by step.
What's a worm? What's ransomware?
First things first, a worm is a sub-classification of computer viruses and it is named in a way that helps us understand its behavior. Consider a computer virus as analogous to a cold virus in humans. This virus is spread when you, the host, are contagious and put yourself in contact with other vulnerable human beings. Your action is required to help a virus spread.
A worm, on the other hand, doesn't require your active behavior. A worm can replicate and spread itself through network connections using exploitable software code—much like a real worm can spread within proximity through the mishandling of sanitation—and the worm can therefore infect other systems without direct human intervention. In this case, it was possible to activate a kill switch against the worm to help slow its spread.
While not required for a worm to spread, human action can increase the infection rate. This happens when malicious code is unknowingly run as an end result of phishing schemes or by opening misrepresented infected files.
Ransomware, of course, is software that cripples the functionality of a computing device and demands that payment be remitted to the authors of the malicious code in order to prevent any damage (corruption, deletion, etc.) to the system's data.
Who is vulnerable?
If you're not installing Microsoft's security updates labeled "Critical" on the Windows operating system, you're at risk. Back in March of this year, Microsoft patched the two exploits—EternalBlue and DoublePulsar—responsible for allowing WannaCry to spread as a worm. The update was valid for Windows Vista, Windows 7, and Windows 10 as well as Windows server products dated 2008 or later. Originally, Windows XP, Windows 8, and Windows 8.1 were not covered, along with server products prior to 2008, because they are outside of both their normal and extended service lives. However, Microsoft took the unprecedented step of updating these systems—which date back to 2001—in order to prevent further infection by WannaCry in mission-critical systems run by major businesses and governments that have not been updated for whatever reason.
Did the U.S. government make this worm?
You may hear rumors circulating that the U.S. government created this worm. That is flat-out false. What is true, however, is that this worm is based on two exploits discovered and held in secret by the U.S. National Security Agency (NSA). Backlash against the NSA exists because of its predisposition to not inform software manufacturers of identified exploitable code. The lack of disclosure is due to the use of those exploits for spying. Is the NSA to blame? Not directly, no. They didn't write this ransomware and they didn't (again, directly) help spread it. Another question, which doesn't have as clear an answer, is, "Are they culpable?" Arguably, culpability may be present, as social convention (and common sense) suggests that all friendly entities inform software developers of identified exploits in order for them to be fixed.
What is being done to protect us?
Microsoft has updated all versions of Windows dating back to XP from 2001, whether or not they are within their serviceable lives. Microsoft also has a bounty program designed to reward those who reveal exploits they find in Microsoft products. The United States Army and other government agencies are working to update computer systems, including mission-critical systems that are used for missile management and deployment, by the end of this year. Additionally, researchers and independent coders across the planet are working to find exploits and report them either for reward money or for the credibility that comes with being published in security journals.
What can I do to protect myself?
Update all of your operating systems to the newest stable and generally available release. This is true whether you use Windows, Android, ChromeOS, macOS, iOS, Ubuntu, or anything else. Additionally, be sure to check the security certificate on any website that requests information and don't open unknown or untrusted web downloads or email attachments. These suspicious files may contain malicious code intended to infect your computer and therefore speed up the spread of a virus or worm.