Most people nowadays know not to download suspicious software from obscure websites and know how to turn on anti-virus software. That is not enough to protect you from the WannaCrypt virus, though. It gets into your computer through innocent-looking emails, and once it downloads in the background of your computer it spreads through your network like wildfire.

It uses an outdated Windows Server networking protocol to unleash its wrath on unsuspecting networks. Microsoft is given credit for this protocol's creation, but IBM created it in early 1983. Over time Microsoft took over its development. If you have ever streamed a video from Windows Media Player to another device on your network, then you have seen this protocol at work. This protocol became the standard for almost all operating systems, including Linux, macOS, and Unix.

The reason it spreads like wildfire is the standardization mentioned above. Because it attacks your entire network, once one computer gets it, they all can. The technology used to spread WannaCrypt was built from the NSA hacker tools known as EternalBlue/DoublePulsar. These tools allow a remote host to run code on a Windows system through specially made SMB packets sent over the Windows Server networking protocol. DoublePulsar is a trojan horse that creates and opens a back door on the infected machine(s). Combined, these open the doors for the virus to spread.

After your machines are infected, it will create a registry file hidden deep inside your machine. This file will then unzip the actual archive that infects the computer. This hurtful program then begins to encrypt every file it can scan. It renames the files it scans by adding "WNCRY" to each file name. For example, if you have a file called "Storm Internet How-To.pdf", it would rename the file to "Storm Internet How-To.pdf.WNCRY".

Then the real virus kicks into overdrive and starts encrypting all your shadow and backup drives. This prevents you from recovering your system via a local backup.

The virus asks for $300 worth of bitcoin to get your system back, but there is no record of anyone paying and getting access back.
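The rename pattern described above gives a simple way to see which folders were hit. The following is an added example, not part of the original article: it walks a directory tree, finds files carrying the "WNCRY" suffix, recovers their original names and counts them per folder. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

SUFFIX = ".WNCRY"  # marker the article says is appended to each encrypted file


def scan_tree(root):
    """Map each affected directory under root to the original names of its
    renamed files and to the files that do not carry the suffix."""
    report = {}
    for dirpath, _dirs, filenames in os.walk(root):
        hit, clean = [], []
        for name in filenames:
            # Compare case-insensitively, as Windows file systems do.
            if name.upper().endswith(SUFFIX) and len(name) > len(SUFFIX):
                hit.append(name[: -len(SUFFIX)])  # recover the original name
            else:
                clean.append(name)
        if hit:
            report[dirpath] = {"encrypted": sorted(hit), "untouched": sorted(clean)}
    return report


def summarize(report):
    """Return one line per affected directory, worst-hit first."""
    rows = sorted(report.items(), key=lambda kv: -len(kv[1]["encrypted"]))
    return [
        f"{path}: {len(info['encrypted'])} renamed, {len(info['untouched'])} without suffix"
        for path, info in rows
    ]


def build_sample_tree(base):
    """Create constructed sample files (empty, harmless) for the demo."""
    layout = {
        "docs": ["Storm Internet How-To.pdf.WNCRY", "budget.xlsx.wncry", "notes.txt"],
        "photos": ["holiday.jpg"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for line in summarize(scan_tree(tmp)):
            print(line)
```

The script only reads file names; it does not open, change or decrypt anything.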

How can I protect myself?

Windows has released a patch for this exploit. They even released an update for Windows XP to fix this exploit, which is unheard of for a discontinued operating system. All you have to do is keep your operating system updated and stay calm.

Once you get the virus there is no fix, so stay smart while online and maybe be more reserved about which emails you open for a few weeks. If there is a fix found, I will either update this article or write a new one with more information.