WannaCry ransomware: What it is and what you need to know

Johns Hopkins computer scientists Matt Green, Avi Rubin discuss the cyberattack holding computers hostage around the world

Johns Hopkins computer experts have been working overtime to help the public understand the ongoing global cyberattack that began Friday and affected 150 countries. A malicious software—or malware—called Wanna Decryptor, or WannaCry, exploited a flaw in Microsoft's software security in order to hijack the hard drives of 230,000 computers around the world, holding data on those computers hostage until a ransom of various amounts has been paid.

At this point, it is unclear who the perpetrators of the attack are, or how much money their operation has raised. JHU cryptographer Matthew Green and computer scientist Avi Rubin have spoken about the attack and how to protect your computer from falling victim.

How do I protect myself and my computer from WannaCry ransomware?

Green, whose research includes techniques for privacy-enhanced information storage and anonymous payment systems, spoke with Marketplace Tech about what people need to do to protect their Microsoft computers from the attack, and the answer is pretty straightforward: "[People] need to install patches. For most people, that means run Windows Update—make sure it's turned on and that your computer is getting updates regularly," Green said. "If you do that, you're fine."

In an interview with Information Management, Rubin, a professor of computer science at Johns Hopkins and technical director of the JHU Information Security Institute, said that "having backups of your data is the best response to the ransomware threat, because if you have data backed up, there is no need to pay someone ransom in the first place—as long as your backups are current."

Rubin further explores the ethics and implications of paying ransom to decrypt information in a recent blog post on the subject.

How did WannaCry originate?

"It was a hacking tool leaked [from the NSA]," Rubin said. "People are creating the variants [of the malware]. I don't think it is happening automatically."

Green, who has discussed the future of ransomware on his blog in a post called by Matt Levine of The Bloomberg View "the best thing to read about ransomware," said intelligence gathering has evolved to include hacking as an essential practice.

Video credit: TED-Ed

"Nowadays in 2017, the way you do signals intelligence is you hack information out of computer networks," he said. "So this is what we created [these tools] for."

However, he added: "Microsoft is certainly right to be upset that a series of very sophisticated hacking tools were developed at the National Security Agency, and then subsequently lost."

Why were hospitals targeted?

Perhaps the most prominent victim of the attack has been the National Health Service in Britain, which was locked out of vital computer data on Friday and began canceling routine appointments in order to manage the crisis. Rubin specializes in computer security for electronic medical records, and said hospitals are especially easy targets for ransomware attacks.

"A lot of health care systems are running older versions of Windows that are no longer supported by Microsoft, such as XP," he told Information Management. "Those [computers] were extremely vulnerable because they had their systems running for a long time without updates. ... You don't hear about any of the top names in the financial industry having been hit with this because those guys usually put a lot of effort and funding into security and so were up to date and not vulnerable."

Correction: An earlier version of this article incorrectly suggested that Edward Snowden's lead was the source of the information that led to the hack. The Hub regrets the error.