Venture Explains: Ransomware

What happened? Recently, a group of cyber extortionists used hacking tools thought to have been developed by the US National Security Agency to infect tens of thousands of computers across almost 100 countries, disrupting Britain’s health system, global shipper FedEx, Spain’s Telefónica and Russia’s MegaFon telecom giant.

How did the cyber attackers do it? Victims were tricked into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

What’s the motive? The ransomware—called WannaCry—encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, which is notoriously difficult to track online.

How widespread was it? Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine, and Taiwan the top targets.

How was it stopped? A cybersecurity researcher appears to have discovered a “kill switch” that can prevent the spread of WannaCry. The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. The researcher warned, however, that people “need to update their systems ASAP” to avoid the attack.