Nominations for the CIO100 Awards - East Africa Edition are now open!



What is WannaCry? What does WannaCry ransomware do?

 ransomware attack called WannaCry that was first launched on 12 May and since spread around the world impacted a number of...


What is WannaCry? What does WannaCry ransomware do?
The Wanna Decryptor ransomware’s ransom note. Credit: Michael Kan

 ransomware attack called WannaCry that was first launched on 12 May and since spread around the world impacted a number of high-profile organisations globally, including NHS England in the UK.

Ransomware is a type of malicious software that will block access to your files unless you pay a ransom.

Some 47 NHS trusts fell victim to these ransomware attacks resulting in devastating consequences for some patients, as operations were cancelled and medical records held for ransom.

One theory suggested that 90 percent of NHS trusts across the UK were using Microsoft’s 16-year-old OS Windows XP, which could leave them susceptible to attacks.


What is WannaCry ransomware?

WannaCry or Wanna Decryptor ransomware seems to have used a vulnerability in Microsoft’s software.

An exploit discovered and built upon by the USA’s National Security Agency called EternalBlue was leaked by a group called the Shadow Brokers earlier this year. It was patched by Microsoft at the time, but older versions of Windows or those without Windows Update were left open to attacks.

WannaCry uses EternalBlue, which takes advantage of a vulnerability in the SMB protocol, to worm its way through local networks and online.

The worm encrypts data on an infected system, and then tells the user that their files have been locked and displays information on how much is to be paid and when – up to roughly $600 in bitcoin.


WannaCry, like the majority of ransomware and malware will arrive under your radar, as an email attachment or as a download on your PC. It essentially relies on victims clicking on or downloading the attachment, which causes the program to run and infect your computer with ransomware.

What versions of Windows are affected?

According to Microsoft’s blog, older versions of Windows that are no longer supported by Microsoft were vulnerable, which includes Windows 8 and Windows XP, which the majority of NHS Trusts were running.

For those running Windows 10 or Windows Vista, Windows 7 and Windows 8.1 systems, which has automatic updates turned on, you’ll remain protected from WannaCry.

For a full description of ransomware and how it can be stopped, see here.


How should businesses respond to ransomware attacks?

Sadly, there isn’t a simple formula for businesses to follow in regards to ransomware. But there are a few things that businesses can do to limit the damage it causes.

The biggest question is whether businesses should pay or not. In most cases, the sum of money demanded is relatively small so it might seem easier to just pay the money and if you have backups, just restore your systems with them.

However, if you do pay, you’re only fueling the fire. The longer victims pay, the longer ransomware will continue to grow, or at least that’s what leading cyber security firms believe and it’s why they advise against it.

The only real security from ransomware is backups and solid security best practices. Other than that, there are some decryption tools that claim to decrypt the files that the ransomware have locked down.

See here for a full list of ransomware removal tools and anti-ransomware software.

Do you have a story that you think would interest our readers? write to us