Update Your Virus Software: New WCry Ransomware Spreading Quickly

Last Edited: May 13, 2017 | Published: May 13, 2017 by

Update Your Virus Software: New WCry Ransomware Spreading Quickly

If you use Microsoft Windows, it’s time for you to make sure your antivirus and malware scanners are up to date and functioning properly. In fact, you may want to go ahead and do a scan just to be safe? Why? A new WCry ransomware attack has been spreading very quickly and has already infected thousands of computers around the world.

According to Forbes, hospitals in the UK have been hit hard by this ransomware, with many hospitals being shut down. Patients are being turned away and employees are being sent home because the ransomware has crippled the machines that are so vital to a hospital these days.

This ransomware is known as WCry, but also has been found under other names including WannaCry, WannaCryptor, WannaCrypt, and Wana Decryptor. All of these different names reference the same version 2.0 of WCry, BleepingComputer reports.

This ransomware appears to be based on one of several National Security Agency (NSA) tools that the hacking group known as The Shadow Brokers acquired and released into the wild. All total the group leaked about a gigabyte of weaponized software exploits, including this one that focuses on different versions of Windows.

Earlier, a researcher at Kaspersky Lab discovered that at least 45,000 machines had fallen victim to the malware, and the numbers keep growing. According to Jakub Kroustek, security researcher at Avast, the ransomware infected over 57,000 computers in just a few hours. What’s worse is that this could just be the beginning. Malwaretech even has a real time map to show the infections.

The ransomware is a particularly nasty one, too. Reports indicate that those who fall victim to the bug are asked to fork over $300 in order to decrypt their files. On top of that, they are told they only have 7 days to pay up or their data will be lost forever.

Infections have now slowed down thanks to MalwareTech. They registered a domain that the ransomware checked before executing. By having the domain registered, it acts as a kill switch for the software as the domain must be available in order for it to execute. A strange way of creating ransomware, but still it was enough to disrupt many systems around the world. You can imagine that the ransomware creators will adjust the virus and re-release it so you still must remain vigilant.

Initially, it seems that Spain was the first to experience this ransomware. However, in a matter of a few hours it had spread to machines around the world and hitting the UK health system pretty hard. While the infection rates have slowed, don’t expect it to stay that way. Initially this virus was spread through emails containing infected files but it was also spread by the Eternal-Blue exploit.

As always, never open any attachments if you aren’t sure where they came from or if they look suspicious. Of course, make sure you run up to date virus and malware software and also make sure your version of Windows is completely up to date. This will minimize your risk.

Have you been infected with the WCry malware? If so, did you pay the ransom or are you exploring other avenues to regain access to your files? Tell us abour your experience in the comments below.

About the author

Matt Garrett

Matt is an IT professional with over fifteen years experience supporting network infrastructure and computers. An avid gamer, Matt enjoys his time playing and writing about his experiences both in the IT world and in the gaming communities. You can find more of his writing for LaptopNinja where he enjoys talking about everything tech.

See all posts from Matt Garrett