- Publish Date
- Monday, 15 May 2017, 9:44AM
An unprecedented "ransomware" cyberattack that has already hit tens of thousands of victims in 150 countries could wreak even more havoc this morning as people return to their desks and power up their computers at the start of the work week.
If you’ve been hacked your computer's background will become red, with the message “you’ve been taken hostage”.
Once your computer is infected, the attack can do a couple of things. One common approach: Your files will be encrypted or converted into a different language for which only the hacker has the cipher. Often, you won't even know you've been targeted until you try to open a file.
Another, more damaging version is when the ransomware locks you out of your entire system.
How did the attack spread? Hackers sent a zip file attachment in an email. When victims clicked on it, their computers were infected. But the attack doesn't stop there. The ransomware will spread through your computer's networks.
Officials and experts on Sunday urged organisations and companies to update their operating systems immediately to ensure they aren't vulnerable to a second, more powerful version of the malicious software. The cyberattack paralysed computers that run Britain's hospital network, Germany's national railway and scores of other companies and government agencies worldwide.
The attack, already believed to be the biggest online extortion scheme ever recorded, is an "escalating threat" after hitting 200,000 victims across the world since Friday, according to the head of Europol, Europe's policing agency.
"The numbers are still going up," he said. "We've seen that the slowdown of the infection rate over Friday night, after a temporary fix around it, has now been overcome by a second variation the criminals have released."
The attack held users hostage by freezing their computers, encrypting their data and demanding money through online bitcoin payment - US$300 ($437) at first, rising to US$600 ($875) before it destroys files hours later.
Had it not been for a young British cybersecurity researcher's accidental discovery of a so-called "kill switch," the malicious software likely would have spread much farther and faster.
The 22-year-old researcher known as "MalwareTech," who wanted to remain anonymous, said he spotted a hidden web address in the "WannaCry" code and made it official by registering its domain name. That move, which cost just $10.69, redirected the attacks to the server of Kryptos Logic, the security company where he works. The server operates as a "sinkhole" to collect information about malware - and in Friday's case kept the malware from escaping.
While that quick thinking may have slowed the outbreak, MalwareTech said he was now looking into a possible second wave of attacks.
"It's quite an easy change to make, to bypass the way we stopped it," he told the AP.
To keep your computer safe we recommend backing up your hard drive.
Avi Rubin, a Johns Hopkins professor who studies computer hacking, has one other piece of advice: If you or your business get attacked, don't pay.
"You're funding the bad guys and giving more incentive," he said. You also don't know whether your files will really be restored.