Global Ransomware Attack May 2017

WannaCry Global Ransomware Attack May 2017 (Updated)

What is Ransomware?

Malicious software that locks a device, such as a computer, tablet or smartphone and then demands a ransom to unlock it

Where did ransomware originate?The first documented case appeared in 2005 in the United States, but quickly spread around the world

How does it affect a computer?The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music

How can you protect yourself?Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection

How much are victims expected to pay?The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back

May 2017 WannaCry Attack:

Cyber chaos spreads as workers log in following weekend 'ransomware' attack and companies around the world are hit


  • The WannaCry 'ransomware' cyber attack created chaos in at least 150 countries.

  • Initial wave paralysed UK’s NHS computers, German national railway and global firms.

  • Chaos has spread today and nearly 30,000 institutions have been hit in China.

  • Factories, banks, government bodies and transport hit in 150 countries.


Researchers have observed 200,000 infections in 150 countries with Russia, Ukraine and Taiwan the top targets.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack "the biggest ransomware outbreak in history".

Experts at GCHQ’s national cyber security centre were helping NHS teams fight the attack. The US Department of Homeland Security said late on Friday that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.


The attack has been declared a major incident, and has spread to Scotland, where crisis meetings were also being held last night.

A computer hacking group known as Shadow Brokers was at least partly responsible. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria.

Recent Targets:


Germany's main train operator Deutsche Bahn was attacked by ransomware


In Italy, one user shared images appearing to show a university computer lab with machines locked by the same program.

How to Protect Yourself!

  • Back up your files

The greatest damage people suffer from a ransomware attack is the loss of files, including pictures and documents.

The best protection against ransomware is to back up all of the information and files on your devices in a completely separate system. A good place to do this is on an external hard drive that isn't connected to the internet. This means that if you suffer an attack you won't lost any information to the hackers.

Businesses often save copies of their data to external servers that won't be affected if their main network is attacked.

  • Be suspicious of emails, websites and apps

For ransomware to work hackers need to download malicious software onto a victims computer. This is then used to launch the attack and encrypt files.

The most common ways for the software to be installed on a victim's device is through phishing emails, malicious adverts on websites, and questionable apps and programs.

People should always exercise caution when opening unsolicited emails or visiting websites they are unfamiliar with. Never download an app that hasn't been verified by an official store, and read reviews before installing programs.

  • Use an antivirus program

An age-old computer security tip, antivirus programs can stop ransomware from being downloaded onto computers and can find it when it is.

Most antivirus programs can scan files to see if they might contain ransomware before downloading them. They can block secret installations from malicious adverts when you're browsing the web, and look for malware that may already be on a computer or device.

Always install updates!

To update ourScanGuard app, please follow the steps below:

Step one: Hover your mouse over the up arrow on system tray next to the clock and click on it to show all running apps.

Step two: Find the ScanGuard icon and right click on it.

Step three: Click on “Check for updates”

Companies often release software updates to fix vulnerabilities that can be exploited to install ransomware. It is therefore advisable to always download the newest version of a software as soon as it is available.

  • Never pay the ransom

Victims of ransomware attacks are advised to never pay the fee as it encourages attackers and may not result in files being recovered. There are some programs that can help decrypt files. Or, if you have a back up, you can restore your device from that.

  • What to do if you're infected!

You'll immediately know whether you're infected — you'll be greeted by a popup screen saying "Ooops, your important files are encrypted."

And by "important," they're talking about your most commonly used files — including .mp3 audios and .mp4 and .avi videos; .png and .jpg images; and .doc and .txt documents. The worm also targets any backup files you may have made, so you can't even restore older, safe versions.

Analysts said you should not click the "check payment" or "decrypt" buttons in the popup message.

Instead — if you're able to — download and install Microsoft patch MS17-010, which should work on Windows systems going all the way back to Vista.

Microsoft Patch Download: Click Here

Recent UK's NHS Coverage on SkyNews Twitter: