One of the big questions that I keep being asked about the WannaCry / Wannacrypt0r ransomware worm is why it is only (mainly) attacking big business, public authorities like the NHS in the UK and industry like Nissan and Renault. Why isn’t it affecting consumers (home users and small business) in the same way?
The reason is that this malware relies on an exploit in a networking protocol called SMBv1 to be able to infiltrate in the first place and then spread throughout the network to other computers. Microsoft knew about the exploit some time ago and released a patch for it in March 2017. However, the patch was only for the operating systems supported at that time, which were Windows Vista, Windows 7, Windows 8.1 and Windows 10 (although W10 is immune already to the exploit). Most consumer and small business computers don’t have SMBv1 enabled. It is part of a file sharing and networking protocol that home users don’t generally use.
There are still loads of XP computers out there that haven’t been patched. Many of them were in the businesses and organisations that were hit by the ransomware worm on Friday.
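Whether a particular Windows computer still has SMBv1 switched on can be checked directly. The script below is an added example, not part of the original post: it is read-only, assumes Windows PowerShell 3.0 or later run from an elevated prompt, and the function names are made up for illustration.

```powershell
# Added example: report whether SMBv1 is enabled on this machine.
# Read-only; it changes nothing. Function names are hypothetical.

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration -ErrorAction Stop
        if ($cfg.EnableSMB1Protocol) { return 'Enabled' }
        return 'Disabled'
    }
    # Older systems (Vista, 7, Server 2008): read the LanmanServer registry value.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    # A missing value means SMBv1 was never turned off in the registry.
    if ($null -eq $val) { return 'Enabled (no SMB1 value set)' }
    if ($val -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-Smb1ClientState {
    # The SMBv1 client is the mrxsmb10 driver; Start = 4 means disabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $svc = Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'Not installed' }
    if ($svc.Start -eq 4) { return 'Disabled' }
    return 'Enabled'
}

function Get-Smb1FeatureState {
    # Windows 8.1 / 10: SMBv1 is an optional feature that can be removed entirely.
    if (-not (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue)) {
        return 'Not applicable'
    }
    $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($null -eq $f) { return 'Not present' }
    return [string]$f.State
}

# One summary row per machine, easy to export or compare across a network.
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    OS          = (Get-CimInstance Win32_OperatingSystem).Caption
    Smb1Server  = Get-Smb1ServerState
    Smb1Client  = Get-Smb1ClientState
    Smb1Feature = Get-Smb1FeatureState
}
```

A machine that reports SMBv1 as enabled and has not had the March 2017 patch applied is one of the unlocked doors in the analogy that follows.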
What Ransomware would look like in real life
Now, trying to put it in easily understood terms, think of the worm as a big gang of burglars running riot in a town looking for places to burgle. These burglars have a key that fits almost every lock in existence and will let them into the building. The recent Microsoft patch changed the lock slightly so the burglars’ key won’t work, and most of the houses had a different type of lock that the burglars’ key wouldn’t fit anyway. But just to be safe, Microsoft applied the patches to those locks as well.
Almost all the houses and most of the businesses in the town have applied the patch (upgraded the lock so the burglars’ key won’t fit now). However, some of the businesses and the Local Hospital either didn’t upgrade the lock (didn’t apply the patches) or are using an old lock that couldn’t be upgraded (using Windows XP). After the worm hit (the burglars started breaking in), Microsoft decided that the old locks could after all be upgraded and released an extra patch, so those houses at the far end of the town had time to upgrade the locks before the burglars got to their street.
The gang of burglars went down all the streets in the town and tried all the doors. They couldn’t get in most of them, but did get into a few of them as well as the Local Hospital and a few of the big businesses.
Now some of these houses and businesses had a secret passage connecting them to each other. Once the burglars were inside 1 house or factory or the Local Hospital, they could slip down the passage and get into all the other connected houses and businesses and change the locks on every door and window in those properties as well. They didn’t need to be let in the front door. They went straight down the secret passage to the bedroom, kitchen, bathroom, living room, study etc. and changed the locks there.
Now once they got in, these burglars didn’t want to actually steal anything. It would take them too long to carry everything away with them and the police would have turned up and arrested them.
What they did was to lock the householder or business out of the premises by changing the lock, so the victim would have to pay them a lot of money to get the key to the new lock. To make it worse, once they were inside a property they didn’t just change the front door lock, they also put a lock on every single door and window, on every room in the property. They then told the owner they had to pay separately for every room to be unlocked. To make things even worse for the victim, the burglars let you peep in the window and even reach through an opening to touch all your property: your books, DVDs, pictures on the wall and all your letters etc. But they scramble them so they don’t even look like books, DVDs or pictures; they just look like a blob on the floor. To get them back, you need to pay for the key that unlocks the door, which also unscrambles the blobby objects in the big pile in the middle of the floor.
It is a little bit more complicated than this, but when you see each infected (ransomwared) computer as a room with a door or window that had its lock changed, you get the idea.
Some householders say, “Oh, it doesn’t matter to me. I have insurance that covers me. I can just knock the house down and rebuild it. I have duplicate copies of everything in storage in the next town, which wasn’t attacked by the burglars. It only takes about 2 hours to rebuild the house and move all the copies back in.”
But if you don’t have that insurance, you have lost everything.
That is why it is vital to have backups of everything on your computer. Store the backups safely away from the computer so they cannot be attacked by the ransomware.
If you are infected or become a victim of ransomware, a bad or failed program or a Windows update, the best, easiest, safest and quickest way to recover is to have a complete, current image backup. I use and recommend Acronis True Image. I use an external hard drive (WD My Book 3 TB USB 3.0 Hard Drive with Backup) and do a daily incremental backup using Acronis True Image. I also have the non-stop file backup running, which immediately backs up all my documents and images etc. (in fact I have it set to back up any new or changed files in My Documents, My Photos, My Videos, My Recorded TV and my Downloads folder). That way the most that can happen is that I lose about 1 hour of work or the last hour of emails.