'WannaCry' ransomware: Everything you need to know

Bitcoin (Image credit: Shutterstock)

It's almost impossible to have missed the news about the global ransomware attack known as "WannaCry." This malicious program has been locking out access to PCs across the globe and demanding Bitcoin payments in order to decrypt the files on the computer.

Attacks of this scale are scary, especially when large organizations such as the British National Health Service (NHS) and one of Spain's largest telecoms providers are among the victims.

Let's break down some of the facts.

What is WannaCry?

WannaCry is a piece of ransomware that infects computers with the intent of monetary extortion in return for access to the contents of the PCs. It encrypts files, claiming only to let you back in upon receipt of the ransom.

Which platforms does it affect?

So far it only affects Windows systems, with the most well-known target being organizations that are still using Windows XP. WannaCry utilizes an exploit in Windows to get in. The exploits are reportedly ones which were stolen from the U.S. National Security Agency (NSA). The currently supported versions of Windows were quickly patched following the theft, but XP was not.

Microsoft's March 2017 MS17-010 security update (opens in new tab) is where the necessary patches have been compiled.

How big of an attack is it?

According to European authorities, as many as 10,000 organizations and 200,000 individuals were affected in more than 150 countries. It is being described as unprecedented on a global scale.

How much is the ransom?

Right now, $300 in Bitcoin.

How is it infecting computers?

The underlying tool is believed to be the EternalBlue program developed first by American security services and subsquently leaked. A quick definition on how it spreads is such:

The ransomware is using a known, publicly disclosed exploit in SMBv1 (Server Message Block Version 1). It is an application level protocol used for sharing files and printers in a networked environment.

With regards to clicking on suspect links, the advice always remains the same. Don't click on any links or open any files you may have doubts about. In this case it's not necessarily how you'd wind up with this particular ransomware, but there are plenty of others out there that could be trying to get in this way.

If I get hit, should I pay the ransom?

No way! Remember that these are criminals, and chances are you'll be both out of pocket and without your files if you pay. A British security expert explained why to the BBC:

Victims are also expected to contact the criminals for a key to unlock their files, said security expert Prof Alan Woodward from the University of Surrey."I very much doubt anyone would return your contact request, bearing in mind the attention that is now on this," he told the BBC. "If anyone pays this ransom they are more than likely going to send Bitcoin that will sit in an address for ever more. No point."

These people don't want to be found, so they're unlikely to do anything that would give authorities any kind of edge in tracking them down.

Am I at risk?

Sadly, we're always at some kind of risk on the internet. However, Microsoft stated early on that Windows 10 users, with Windows Update turned on and Windows Defender active, should be protected.

See more

If you don't have your updates turned on, then that's a good place to start.

How do you get the files back?

Right now there's not a lot suggesting the files will ever be accessible again. If you don't have a backup, you might have lost your stuff. Good practice is to always back up your important files.

Can you repair your computer?

The folks at Bleeping Computer have a detailed guide. It's not the easiest thing to do, but if you've no alternative then it's worth a look.

Is Microsoft doing anything to help?

Yes. Despite it not really being Microsoft's fault, especially for anyone using the aging Windows XP in 2017, Redmond is jumping in to assist. Official support for XP has long since ended, but Microsoft issued a patch for the OS to try and keep WannaCry at bay. Its success, of course, is dependent on being installed on a non-infected system.

I heard someone cracked it?

A cybersecurity researcher from the UK "accidentally" found a way to slow down the spread of the attack by stumbling upon a so-called "kill switch."

See more

In the simplest form, a domain was found inside the code of the WannaCry program, and by registering this domain it had a dramatic effect, as described to The Guardian:

The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.

As long as the domain isn't revoked, the initial strain of WannaCry should begin to fade away. But that's no substitute for making sure your systems are up to date with all the latest patches.

Is it over yet?

The biggest fear over the weekend was that as many returned to work and turned on their machines, a whole new raft of infections would occur. Thankfully, new cases have slowed significantly, and many of the affected have been working to clear the threat since it first emerged.

The NHS in the UK was one of the more high-profile casualties, and while the majority of affected trusts have had the issue resolved, there are still seven suffering the effects going into the new work week.

The warnings are that there will probably be another attempt at an attack, as well.

Your thoughts

That's a quick overview of where things stand right now, but it's an ever-changing situation. We'll do our best to keep on top of the latest details. And if you have anything helpful to share, be sure to leave it in the comments below.

Richard Devine
Managing Editor - Tech, Reviews

Richard Devine is a Managing Editor at Windows Central with over a decade of experience. A former Project Manager and long-term tech addict, he joined Mobile Nations in 2011 and has been found on Android Central and iMore as well as Windows Central. Currently, you'll find him steering the site's coverage of all manner of PC hardware and reviews. Find him on Mastodon at mstdn.social/@richdevine

  • Nasty. Windows Defender to the resque!
  • i wouldnt be suprised if this attack would be planned by Microsoft just to put pressure on companies to upgrade to W10. Sounds like a conspiracy, sounds nasty.. but lets face the truth. Our world is a big piece of s***. I could imagine this scenario and nobody could investigate who started the whole thing. W10 is of course secure... just older systems not. Thats just a coincidence, right? Or not now downvote me, thx :-D
  • You're really mad.
  • If that was the case, Microsoft would've have bothered patching Windows XP years after its support period ended.
  • You guys shouldn't pay attention to this Papala, he's full of bullshits...I've stopped reading his comments, i don't even know what he's doing here...
  • Beware! Microsoft is the real illuminati, the new world order is actually Windows 10 on every machine in the world! They have planned this for ages!!!
  • It turns out that Android is actually W10M with a new skin, and MS conned everyone into using it!!! MWA HAHAHAHAHAHAHAHAH!!!!
  • Android is more like Windows 3.1
  • Lol Mr. Religious
  • Never ascribe to malice that which simply be incompetence. Microsoft didn't need to help narrow focused bean counters screw this up.
  • I don't think MS is involved but it must be an entity that collaborates with nsa...
  • I wouldn't be surprised if you were a paid pro-android FUD troll. In fact, I'd be surprised if you weren't. Cue paps listing all the ms powered hw he most certainly uses /s (for the latter part)
  • Businesses and the MILITARY continue to use Windows XP because it supports programs that Windows 10 doesn't. Microsoft SHOULD keep supporting XP for this reason alone, OR program Windows 10 so that it will now support the programs that businesses and the military need.
  • And which program runs on xp nd doesn't run on w10?
  • Totally disagree. Software developers that should program and refactor their codes in order to be compatible with latest (and more secure) OSes on the market.
    Microsoft has definitely no fault and no way they should continue to hang on older technologies.
  • Ah yes, another grim "life sucks" comment from Pappale to start our day.
  • If that company is worth so much to you. Just pay the damn 300 dollars. It's the only and biggest chance of getting your files back which are probably worth much much more. But it's their own stupid choice of sticking with outdated software...
  • If only you'd read the article...
  • their own stupid choice? Dude... imagine this: You have 1000 computers with Windows XP and some old HW without proper IT team. Now begin to calculate how much money would it cost to: buy 1000 new computers, backup data from 1000 old PCs, install 1000 new PCs, reinstall the backup on 1000 new PCs, educate people who work with these PCs about security / new software, hire a small IT team who will maintain the whole network so.. how much money and time would it cost? If we are talking about a small, privat company.. than OK, they could do something.. but imagine a hospital financed from taxes!  
  • So what you're saying is that those companies using Windows XP will never upgrade. 
  • of course they wont upgrade... and to be honest, those PCs would run W10 very badly.... they need to buy new HW too which will raise the initial costs, not to mention the education of the people working with those ancient systems
  • Seriously? I have a 8 years old computer that runs Windows 10 just fine. You don't need to buy another 1000 computers, unless they are archaic computers, but if someone let your company depends on such old computers then that person is really incompetent.
  • It doesnt matter if a small organisation has one pc or a larger one has thousands. If IT is an important part of the organisations operation then a budget has to be allocated for it and equipment and software updated from time to time. IT is not a buy once and use forever more sort of investment, its an ongoing expense.     
  • Some things you shouldn't cut budgets on, especially when that is how your business stays in business. It's a cost of operation just like rent and insurance. You can't look at it as a capital purchase that you do once and walk away. It's something you need to invest in every year.
  • Imagine how much money it will cost to fix the damage from this attack... And the next one... And the next one... Your economic argument is baseless unless there is no monetary danger to any attack on an outdated system. In addition, the huge costs come when companies wait extraordinarily long times to upgrade, much like deferred maintenance of physical resources always are much more expensive than incremental maintenance/upgrade.
  • its not beaseless... its about POLITICS and OUR TAXES a hospital in debts (iam not talking about British or US ones) can not afford to pay a seperate IT team just to handle situations like this. They need to save money and they will save it on places like this  
  • It is baseless because the money you "save" will be lost in incidents like this. I work in academia and see this all the time. Administrators get matching funds for IT installs in renovations but budget nothing for maintaining the equipment after install. Then they just end up with broken equipment. Here you just get pissed students most of the time, in healthcare at the least you expose personal data, at worst you expose hospital infrastructure. As another commenter said, this is an operating expense, not a one off.
  • ****, I just reported you, instead of upvoting:-)
  • Except NHS trusts have their own IT departments, they don't need a separate company to do the work for them!!!
  • One often meets his destiny on the road he takes to avoid it. - Oogway I imagine they did not want to spend. Now they will have to.
  • What about all those computers in Russia and China that are using conterfiet Windows?
  • Everything works on counterfeit Windows, it just bothers you that Windows isn't genuine. And before XP that didn't even happen.
  • theres this magical thing called linux. Its free, secure and runs well on old hardware
  • Are we really still propogating the myth that unpatched linux machines are more secure than unpatched Windows machines?    We really need to "slapper" some sence into people who contine to spread such FUD.   
  • Honestly... Linux has just as many problems as the rest of them.
  • No OS is completely secure, you do know that the NSA were stockpiling vulnerabilities in not just Windows but Linux, MacOS, Android and iOS as well?
  • Time to consider the Cloud....
  • Is it worth a few hundred to try to get your data back.  If so then pay it.  But then go out and buy a new computer - transfer your data (after scanning with with A/V of course). Very few problems in life can be fixed with money - this is one!  
  • Doubtful paying the ransom will actually get your data back. The hackers are counting on people being dumb enough to pay.
  • Yes it does. Hackers have made more than $30,000 thus far. No case of abandonment on the victims...
  • So 100 people have paid, and if that number grows that will be the vector for them to get caught by, so yes there will be abandonment.
  • Plus companies that paid and got nothing wouldn't publish that.
  • and why is that?! because they are embarrassed they pay the ransom?
  • none has reported!
  • How many of those actually got the decryption keys though, not a lot would be my guess?
  • So... Everyone is arguing with this guy and nobody told him to stfu and READ the goddamn article? It's 300 bitcoins!!!! And 1 bitcoin is worth more than 1,700 dollars. Do the math... Just pay the goddamn 510,000 dollars? Retard...
  • Can anyone be that thick It is $300 worth of bitcoin not 300 bitcoin Retard  
  • I have a friend who is smart about these things but his position is a little overkill because he chooses to neither use nor "support" Windows at all...I felt it necessary to point out that on it's own, it is not to blame, a thing is a thing. Whatever... After all these years, people continue to live their lives in total ignorance 🙄
  • He is a fool if he thinks there are not exploits in Linux and/or Apple products. The installed base and cumulative data worth in outdated Windows systems is just higher, hence better target for spread and extortion.
  • I been dealing with this at work all weekend for customers, if you are up to date on patches you are fine. March and April had security updates that protected against this.
  • The actual flaw is the ancient SMB v1.0 network protocol which has it's roots all the way back in IBM's OS/2 operating system back when MS was in join development which spawned Windows NT (present day Windows). Lots of very old computers and equipment are still tied to SMB v1.0 even though it has long since been superseded by more secure versions. So various entitles are particularly vulnerable clinging to these very old versions of Windows because of a reliance of a piece of equipment thats software is so brittle even a service pack to XP could break it (very common I worked in industrial computers in NT/2K/XP era). Hopefully SMB 1.0 is going to be outright disabled in the near future on Win10, the guy at MS who manages it said they were too chicken to disable it as the uproar from customers would be deafening, well this is what then happens so the upside is MS can at least tell them to move on. https://twitter.com/NerdPyle/status/719977329548664832
  • Thanks for the additional information!
  • So is it coming from a suspicious email, bad websites, or what? Just curious the path to the infection.
  • its explained here: https://www.youtube.com/watch?v=gfWl3YbY46Y  
  • Isn't its name WannaCrypt?
  • Goes by both. General public is seeing it reported as WannaCry through media etc.
  • Does anyone know....
    If I have all my files in C:\OneDrive then the files on the cloud will also be messed up?
    If I don't open or edit the files on my PC then the cloud copies should not be re-sycnronised if they were locked by such ransomware?
    So then I can wipe my PC and download from Onedrive? I don't have the WannaCry anywhere, I am running W10 but I use Onedrive to avoid backing up to external HD daily so am curious. Cheers
  • I doubt Microsoft hasn't put alert in One Drive Windows servers so if Wannacry infected files are uploaded in Onedrive they get automatically removed from the backend by an automated process
  • If the ransomware touched those files and modified them I'm pretty sure the sync client would see that as a change and upload the changes - Don't forget that OneDrive is sync and not backup
  • shaunydub:   "I use Onedrive to avoid backing up to external HD daily"... This is a very common belief amoung non-tech computer users.. and I must tell you it leaves you VERY VERY vulnerable.  This is why I am many others stress to no end, an always online real time syncing cloud service is NOT a suitable backup strategy at all BY itself as your OneDrive data is exteremly vulnerable to data destroying malware such as WannaCry... Of course a bigger risk of the OneDrive/googleDrive/dropbox only backup strategy is data loss due to human error.. (accidental deletions, overwriting, etc).    The fact that your OneDrive storage is online and "live", yes the moment malware touches any local copy of those synced files, OneDrive will happily synchronize those changes over to the cloud storage no questions asked.     In addition, don't assume all malware will only attack files on the local machine... If the malware is running logged in as you and your account is logged into your cloud drive 24x7, there's no reason the malware of the future can't simply attack your cloud storage directly regadless of whether you have a local synced copy of those files. This is why we should always make sure to have 2 different backup sources wherever possible (3 is the prefered way to protect yourself from all reasonable threats short of nuclear destruction)... For basic home users I always recommend 2 backups.. One online, and one offline.   Onedrive is prefect as your online backup protecting you if the client device you are using suffers from a catastrophic hardware failure (drive failure, loss of decrption key), suffers a calamady (destroyed in fire, dropped in a lake), or lost posession of (theft, siesure).   However, you STILL need a second backup source who's backup data is "Offline" and not accessible to the original machine after the relevant data backup is performed.   This is your protection from this type of malware and user error...     Most commonly for home users this is done using an external drive or NAS.  Of course, just because the backup is done to an external media does not mean it's "Offline"...  If the drive is remains connected (or network accesible) 24x7 and the individual backed up files are still visible and editable directly by any local program (for example, word or excel) then malware still can nail those files directly as well...    The "offline" backup needs to be able to keep incremental changes to the data set so that if a corruption is discovered after the fact, even after another backup is performed post-corruption, you always have a point of time you can "roll" back to..   Of course, malware makes the news.. but the number #1 case a home user discovers the need for this type of backup is when they delete some file and then realize days/weeks later they want it back and it's long gone from onedrive/recycle bin/etc.      Windows File history is one way to produce proper "offline" backups to external media, so are most backup utilities/systems like Windows Home Server.. or even a manual cut and paste into a rotating collection of zip archives for those who backup manually...  Of course, this "offline" backup set is still not 100% safe and why a 3rd backup that's air-gapped from your production systems is required for 100% coverage (desirably completely offsite from where the systems are physically located). The offline backup set is still vulnerable to malware that knows how to directly attact different backup technolgies.   A more likely threat is due to malicious users or an inside hit job.   Of course, this third backup strategy is more expensive to maintain and thus you never see a home user do (and I rarely recommended it)... But for my sole proprieter and small business clients and up... It's an absolute must..  Whether they simply rotate a set of external drives where one is stored in a trusted offsite location... to using paid 3rd party backup cold storage (carbonite, amazon S3) So given that, I strogly recommend you reconsider your stated backup strategy of not complimenting your  "online" backup sources with an additional "offiline" backup source.   At a minimum make sure you are getting a snapshot of your "onedrive" root folders onto an external drive.. Use Windows file history to do this for you automatically if anything.   
  • Thanks for your detailed reply. I have several USB drives and backup to those between once a fortnight and once a month - mainly depending on how many new photo's / music I added to my PC so worst case I will need to rip a few cd's and copy some pictures from my camera / phone. I believe not many users will be backing up daily or weekly or keeping 2 or 3 backup drives in rotation, what worries me is that my company we are introducing O365 and advice from IT is that Onedrive should be used as our one place to store files and as our corporate backup solution and not use our old USB drive method. Does corporate Ondrive/O365 have stronger encryption than normal services? Also wonder how it affects things like Steam where save games for instance are synched to Steam cloud - if local files are corrupted is there a risk of infecting Steam or GOG?
  • I'm still using Windows XP on a Netbook and I haven't been infected yet,I saw I dont have antivirus installed, but last time I tried Avira my netbook was slowed down so much that I had to uninstall, I guess I just have to be careful then until virus gets neutralized in next few days
  • watch this: https://www.youtube.com/watch?v=gfWl3YbY46Y you are a potential victim
  • There is a new patch for XP that mitigates this ransomware, yes this ransomware is that serious that Microsoft released a patch for an OS that is over a decade old.
  • Is windows 10S immune to attack like these without updates?
  • yes
  • All up to date W10 installs are safe.
  • All up to date Windows 7 and 8.1 installs are also safe. 
  • Even Windows XP devices with the newest update are safe...
  • How can the NHS with Billions of £'s as a budget still be running Windows XP...heads should role over this.
  • Local trust here was on the news and apparently spent £22k of its budget on IT last year. I think I probably spent a quarter of that on my own IT!
  • It's not really the money, it's that they failed to safeguard our citizens.. There are ops being cancelled, data that will never be recovered etc. doctors having to write notes on paper. It's an effin scandal and you can bet that Jeremy Hunt - Minister for Health will not take the blame for it.
  • The process and planning to update critical systems takes a long time and in healthcare it's made more difficult with little-to-zero downtime available, political and / or budget constraints and constant changes to priorities. Typical example: an MRI scanner is attached to an XP system(s).  That scanner's service contract is long out of date; the provider won't touch it or support it going forward other than costly adhoc maintenance, the hospital can't afford to replace it at this time and no-one makes/understands the software drivers anymore to update it for a newer OS platform. And if even it were possible, it would cost just as much to replace the entire aging scanner itself, there's a LOT of testing that goes into stuff like that so that people don't die, hence why they're so expensive in the first place. Given the size of the NHS, the problem has been mounting for years and years with no end in sight so things just get left as they are, since most things just work.
  • Look there's no denying there are single purpose XP systems out in the field such as this.. But is that hypothetical XP system you are refering to also the sole storage and only copy of the imaging artifacts the machine has recorded over it's entire productive life?      I'm would not be overly concerned about the fact the system is running XP here.. A malware hit would likley call for a reimage at worse and a few hours of downtime...    The criticism of the choice is depending on out of support computer system to store data that would be disruptive to a business should the data be lost or corrupted is what should be questioned here. 
  • So if the Daily mail or other such tabloid had reported the NHS has spent £100 upgrading from XP to teh latest OS which included updating all the outdated systems software they use for the eventuallty of a ransomeware attack that had not happed yet... would you have been happy. Just look how long it took the NHS to get back online without paying any bitcoins... This was an amazing feat of IT support ober the weekend. 2 years ago after Microsoft updated my server with an auto update, it killed my server for 3 days... and that was just one Server with 7 users... I cant imaging how many users the NHS has!
  • The NHS trust in my area wasn't affected but I guess they updated to Windows 7 and fully patched it. All NHS trusts were ADVISED to upgrade from XP to Windows 7 and some of the trusts, AFAIK, were in the process of doing the upgrades before this hit. The Ministry of Health decided not to renew the support contract with Microsoft as well.
  • As I said in as different thread the decision to upgrade was taken by the trusts themselves, its really nothing to do with the cancelation of the XP support contract which by the way was extended for a further year giving trusts ample time to move to Windows 7. 
  • FedEx US main Hub in Memphis stopped by this Malware. A coupe of major companies in Victoria Australia also affected on commencing operations on Monday.
  • Think about how much they will have to pay out in late fees for packages not arriving on time or items damaged by delay. I know we used to demand and get refunds from FedEx when priority overnight shipments were delayed. As a client you expect FedEx to have their distribution system protected.
  • The only good thing to come from this is people/companies will wake up and keep their systems up-to-date.   However, any company STILL running XP on internet-facing computers deserves whatever they get.  That is beyond incompetent. 
  • The NHS XP machines aren't even covered by the extended support AFAIK - The UK Gov decided it wasn't worth paying for
  • That and NHS trusts were advised to upgrade to Windows 7
  • I guess MS will reach the one billion win10 pc users goal sooner than anticipated with this exploit....!
  • Is Windows 95 affected by this? I still keep an old Windows 95 PC running for fun and to run as a personal cloud file server of sorts. It's unattended for the most part, should I be worried though? Or is Windows 95 so old that this wannacry program is literally incompatible with Windows 95?
  • W95 has an SMB client, so if it is connected I would think it is vulnerable.
  • Yes, all cliends using SMB v1 can be infected.  This includes win95 through win8.x.  Granted, Newer OSs (Vista and newer) only use SMBv1 if it is forced to use it.  Win10 will only go back to SMBv3 I believe, so it is not affected by this. Don't use win95 for a file share box.  Use something like FreeNAS.  The initial setup is a bit of a pain, but overall it is much better/faster/safer to use... and FreeNAS will teach you a thing or two in the process.  Win95 is vulnerable to a great many passive threats outside of this virus.  Just connecting it to a network can infect it; no need to browse the web to catch somethin on that.
  • Oh I figured most modern viruses simply wouldn't run on Windows 95 because they're probably written to support only newer OS's. I assumed Windows 95 is therefore technically immune to modern viruses.
  • The reverse is actually true. Most exploits are designed to take advantage of legacy flaws in subsystems designed before pervasive always connected devices. OSX benefits a little from the complete rewrite it got separating it from System 9, but as demonstrated the last couple of years, that isn't perfect either. Legacy back support is usually the biggest problem.
  • The hackers will probably take pity on you and send you the ransom instead ;-)
  • Nothing wrong with Windows 95... It's always interesting to see the first design of what Windows is of today.  From right clicks to Windows explorer or even the control pannel. Almost every OS forward used the same design aspects.
  • And the UK Government thought it wouldn't need to bother paying for the extended support for their Windows XP machines....nice decision /s
  • What could go wrong using an OS from the dialup age in the always connected age?
  • MS had a deal with the UK goverment and extended support for a further year from the date when support for XP ended in actual fact. NHS trusts then had a year to upgrade. Some did, some did not and paid the price this last weekend. Support did not just stop overnight which is what is being implied in some quarters!
  • 1) Don't use XP
    2) Don't use out-dated protocols like SMB1. Even a win8.x machine can be affected if SMB1 is forced to be used (and the patch released last month not applied)
    3) Don't turn off Automatic Updates in this day and age. Ever. Period. Sure, pick-and-choose about optional updates; but security and critical updates should always be applied automatically.
    4) Don't use XP *voice of David S Pumpkins* Any Questions?
  • Well I don't have Bitcoins nor do I plan to. If I ever get infected I can do one of my favorite things....REFORMAT I don't keep anything on my OS hard drive that is valuable....it's all on thumb drives....so screw `em.
  • I also do not have any data on my OS drive, but how is that going to stop this? My friend was hit last year with Ransomware... what it did was gradually over a period of about 1 day encrypted thousand of files not only on his OS drive, but also his external hard drive, and also all the files that were not already password protected on his mapped drives on his NAS. also what happened was he has a OneDrive mapped to his PC, it encypted all those files.. then synchronised with the cloud, and all his onedrive files local and remote were encrypted !!   And yes, I also love re-formatting. Proves to myself that I have everything backed up as well as a spring clean
  • Just make sure those thumb drives aren't connected if you get this ransomware as they will be encrypted as well.
  • The "kill switch" has been removed from this thing. So it might start spreading again. "Hackers have since updated the ransomware, this time without the kill switch. New variations of the ransomware have popped up without the Achilles heel and bearing the name Uiwix, according to researchers at Heimdal Security."
  • A similar Ransomware attack had happened at the University of Calgary (Canada) last year I think. The University officials decided to pay the ransom to get their decades of research files back. Hard choice to make really, pay or don't pay.
  • That's a really big gamble as well, some hackers will just take the money and run leave you with encrypted files and less money in your pocket.
  • As adviced by almost all cyber security experts DO NOT PAY EVER!. these guys are criinals, they will take your money and flee. Why would they every do anything that couls trace it all back to them? Only reason for asking payment in bitcoin that it cannot be tracked. Good thing coming out of it is that movements related to controlling bitcoin and governing it universally will gain traction and support
  • Seems it's back to the old pen and paper... :v
  • Should have offered XP users to free upgrade to Win10S.XD
  • it was offered when Windwos 8 and then 10 was launched toconsumers. Such offers cannot stay forever. Enterprises of course have to pay. Reason for an organization like NHS was not as much about money as the effort to install it in so many machines, training people how to use it and then face their wrath for some or the other thing not working. It was pre laziness and beuraucracy and not money.
  • Is this a Windows 10 propaganda? Damn! Even here and in such an extraordinary way! Phew!
  • the blame games are everywhere. MS President is blaming the NSA for storing (stockpiling) such vulnerabilities for no reason, and eventually loosing it. A writer accuses MS for developing a patch in Feb and releasing it to 'supported' systems in March but not to XP or win 8 RT or server 2003. I can't understand why should MS release patches for OSs it has long stoppoed supporting. Morevoer, it provided 'Free' upgrades to almost all such systems but IT organizations were just too lazy and miserly to do anythign about it. NHS has such a big IT spend. yet it runs XP!. Seriously guys running XP for commerical business in today's age have no right to blame MS. No OS is designed to live forever and with time you need to upgrade the software, just as you upgrade the hardware. Yes, it will benefit MS to some extent as some of these organizations will now ove to latest versions of windows, but blaming MS for this canbe nothing more than a stupid consipracy theory. If it so wanted, best time was soon after stoppoing the support to win XP. right now, it will hardly be worth the beenfit.More so considering the risk, if anything traces back to MS about this.
  • How come it's never reported on who's behind this and how they are getting money?
  • Because there's no way to trace a bitcoin account. Once you send bitcoin to a random address it's gone. Unless, of course, the person on the other end is legitimate enough to send it back.
  • Bitcoins is full of *****, they should kill it, many peoples use it to do nefast things, it's the devil currency...
  • The Devil ? What is this bible school ?  Grow up.  If you FOUND (as you needed to "mine" to find it) 10,000 in bitcoin (and it was possable to mine for that much at one point) you would be a millionaire right now. Anything's value is only what another person is willing to pay for it. If No one would accept bitcoin, it would have no value.
  • can we recover files using a bootable usb of any OS?
  • Virtual machine is cool for that, use a system for surfing the net and other things and an another system for Works Exclusively without connection... I use a Macbook Pro with Win 7 installed with all i need for works and i cut the connection when i need to surf the web, i boot on Mac OS. I would like to really try Win 10, but i will wait to buy an anothe laptop, don't want to reinstall everything for now... I always been fascinated by the Hackers World, but they should never touch anything relate to healthcare, this is like killing peoples...
  • Just glad that MS takes security more seriously these days.
  • Mr. Robot in action