Key facts about WannaCry virus

A programmer showing a sample of a ransomware cyberattack on a laptop in Taipei on Saturday (May 13).
A programmer showing a sample of a ransomware cyberattack on a laptop in Taipei on Saturday (May 13). PHOTO: EPA

Q What does the WannaCry virus do?

A It locks computers so that users cannot access their files or programs. Hackers ask for payment to safely release the computer. This type of virus is also known as ransomware. WannaCry and its variants like Wana- Crypt and Wanna Decryptor target computers that use Microsoft's Windows operating system.

Q How does it infect computers?

A By e-mail. Users receive a file, usually in a .zip format. When the user clicks on the file or opens it, the virus will automatically spread and lock up files and programs. Once the computer is fully infected, the user can access only two files - instructions on what to do next and the virus program itself.

Other forms of ransom- ware lure users into clicking on a fake link in an e-mail or on a bogus website. It will then release a virus that corrupts the computer.

Q Ransomware is not new. Why the panic?

A The speed and scale of WannaCry's spread has alarmed security experts.

Within hours of it being discovered on Friday, over 57,000 attacks were reported across 99 countries, with Russia, Ukraine and Taiwan reportedly the top targets.

Operations in large organisations like Britain's National Health Service, global shipper FedEx in the United States and the Russian Interior Ministry have been affected.

Experts say the malicious software is spreading at a rate of five million e-mails per hour.

This virus has been designed as a "worm", which means it can automatically spread to other computers in the same network.

Q How can one protect one's computer?

A Microsoft has issued automatic Windows updates to defend its clients from it. Additional measures include using a reputable antivirus software and a firewall, backing up files in a separate system and setting a popup blocker. Beware of clicking links or files in e-mails or on suspicious websites. Users who receive a ransom note should disconnect the computer from the Internet and alert the authorities.

Q Who are these hackers?

A No one has claimed responsibility so far. Experts speculate that it could be a large cyber-criminal gang or even state governments like Russia and China.

Q What do they want?

A The hackers are asking for payment of US$300 (S$418) to US$600 in bitcoin, a digital currency, to restore access. Users are warned that if they do not pay up in a few days, their files will be deleted. The hackers give instructions on how to buy bitcoin and which bitcoin address to send it to.

Governments have advised users not to pay the ransom, as it encourages these hackers.

Q Where did this virus come from?

A The US National Security Agency was the first to discover a flaw in Microsoft's Windows operating system that allowed it to develop a way to hack, or gain access to, computers used by terrorists and enemy states. The flaw, and a tool to exploit it with malicious software, was made public last month by a hacker collective known as Shadow Brokers.

A version of this article appeared in the print edition of The Sunday Times on May 14, 2017, with the headline 'Key facts about WannaCry virus'. Print Edition | Subscribe