SAN FRANCISCO — It’s on track to be one of the biggest recorded ransomware attacks ever, with tens of thousands of infected computers in nearly 100 countries.
Friday’s attack largely hit businesses and large organizations: UK hospitals, a Spanish telecom, FedEx, the Russian Interior Ministry. But how much do individuals need to worry about their personal computers being targeted?
Ransomware is a type of malicious software that takes over a computer and locks the user out, preventing them from accessing any files until they pay money. This particular program, called WannaCry, asks for about $300, though the price increases over time.
WannaCry takes advantage of a Windows flaw discovered by the NSA and made public by hackers in April. Microsoft did release a patch for the vulnerability in March. But computers and networks that didn’t update their systems were still at risk.
On Friday, a security researcher inadvertently created a “kill switch” to help stop the spread of this ransomware. However, a hacker could rewrite the code to omit the kill switch and start trying to infect new machines with a new version of it.
The worm is primarily impacting business, where it can spread quickly through a network to take down an entire company. Business take longer to install critical updates and patches, often to avoid impacting any legacy software they are running.
But individuals with PCs running Windows should still take a few precautions. First, install any software updates immediately and make it a regular habit. Turn on auto-updaters where available (Microsoft offers that option). Microsoft also recommends running its free anti-virus software for Windows.
If you don’t already have a backup routine, start now and regularly save copies of all your files. That way if your machine gets infected and your photos and documents are encrypted, you don’t need to worry about losing them.
Finally, always stay alert. Don’t click on links that you don’t recognize, or download files from people you don’t know personally.
It’s not just your computer that you need to be worried about. This attack has impacted many large services and organizations, including hospitals in England, a telecom and natural gas company in Spain, and FedEx. Basic services that impact your life could be impacted even while your own machines is clean.