CYBER ATTACK: What is a Wanna Decryptor and how does it work?

Wanna Decryptor is a piece of malicious software that encrypts files on a user's computer, blocking them from view and threatening to delete them unless a payment is made.

The virus is usually covertly installed on to computers by being hidden within innocent-looking emails containing links, which users are tricked into opening.

Once opened, the malware can install on to a system without the user’s knowledge.

The virus is then able to encrypt files and block user access to them, displaying a pop-up window on-screen telling users they have been blocked and demanding payment - often via a digital currency such as Bitcoin.

Transactions through digital currencies such as Bitcoin are harder to trace as they do not involve a central banking system to process or confirm transactions, instead relying on other users to do so in a peer-to-peer system, which increases the chances of anonymity.

It is possible to remove ransomware such as Wanna Decryptor without payment by using advanced anti-malware software.

The malware can also be removed manually with a computer in “safe mode”; however, security experts warn that this runs the risk of damage to a PC, as users must go through sensitive system files in order to find and isolate files created by the Wanna Decryptor software.

Ransomware does not traditionally aim to steal personal or sensitive data held on a computer or system, instead focusing on blocking access to and threatening to delete files.

Aatish Pattni, from cyber security firm Check Point, said the version of Wanna Decryptor used in the attack was a new piece of malware.

“The ransomware used in this attack is relatively new - it was first seen in February 2017, and the latest variant emerged earlier today, Friday 11 May,” he said.

“Even so, it’s spreading fast, with organisations across Europe and Asia being hit.

“It shows just how damaging ransomware can be - and how quickly it can cause disruption to vital services.

“Organisations need to be able to prevent infections taking hold in the first place, by scanning for, blocking and filtering out suspicious file content before it reaches their networks.

“It’s also essential that staff are educated about the potential risks of incoming emails from unknown parties, or suspicious-looking emails that appear to come from known contacts.”