What to Know About WannaCry

You’ve probably heard news reports about “WannaCry,” the near-global ransomware attack on computer systems that holds your data hostage until you pay the attacker $300 in bitcoins. And you’re probably wondering if you should be concerned about your digital life.

Everyone should be concerned about computer safety all the time. Bad actors from criminals to anarchists and even rogue governments are always out there, looking for new ways to exploit technology for financial or political gain. The latest reports have linked WannaCry to a shadowy operation run by North Korean agents.

How Did the WannaCry Attack Happen?

WannaCry uses an exploit in older versions of Microsoft Windows that was discovered by the National Security Agency, which did nothing to notify Microsoft about it. When exploits are discovered by non-governmental organizations, it’s customary for the discoverers to notify the software developer and give them time to address the issue before it goes public. In those situations, a financial “reward” may or may not be offered.

However, it’s become clear that when governments discover serious exploits that could potentially open backdoors into encrypted computers, they would rather hold onto that information than take any steps that could remediate the situation. But governments aren’t invulnerable to their own leaks and hacks, and this information ended up on WikiLeaks for all the world to see. The fact that the NSA knew about this vulnerability and did nothing to publicize or fix it, and that it still found its way to the public, only serves to validate Tim Cook’s opinion that “a backdoor for the good guys is a backdoor for the bad guys.”

Is My Website At Risk?

Potentially, but not likely. This particular exploit affects older versions of Microsoft Windows only. While there are still hundreds of thousands (if not millions) of such computer systems out there around the world (including the U.S.), they are not the typical configuration for webservers, which more likely run a variation of the Unix operating system. However, a Windows system does have the capacity to run a WordPress site, and PHP files are just one of the targets of WannaCry’s encryption scheme.

If My Website Isn’t At Risk, Then Why Should I Care?

This incident is one of the most high-profile reminders yet of why it’s important to keep your software—all of it—up to date. I’ve written here already about the importance of keeping your WordPress core and plugins up to date, but I implore you to not neglect your everyday computers—including your smartphone. Previous attacks have targeted software that powers websites, and the next major website attack is undoubtedly lurking out there, ready to strike at any time.