Name: Why Was the WannaCry Attack Such a Big Deal?
Uploaded: 2017-11-07T08:37:25.000Z
Duration: 5 min 40 s
Description: Thousands of YouTube videos with English-Chinese subtitles! Now you can learn to understand native speakers, expand your vocabulary, and improve your pronunciation...

It was all over the news on Friday, May 12th:

Hospitals in the UK couldn’t get access
to their systems and were turning patients

Car factories in France had to shut down.

A Spanish telecommunications company told
their employees to shut down their computers.

Computers all over the world were being infected
by WannaCry, a massive hacking attack that

By May 14th, more than 200,000 computers in
more than 150 countries had been affected.

And yet, the attack didn’t seem to cause
much long-term damage.

The hackers only made about $100,000 in total.

We just witnessed one of the largest and strangest
computer attacks ever.

WannaCry is an example of a type of attack
called ransomware, where the data on an infected

In return for restoring access to your files,
the hackers demand a ransom payment — in

this case, either $300- or $600-worth of the
digital currency bitcoin.

There are lots of kinds of ransomware out
there, but WannaCry spread very quickly using

a tool that security experts believe was created
by the NSA.

To be clear, the NSA wasn’t interested in
ransom, just in snooping, but they created

a tool that took advantage of a security weakness
in Microsoft software.

This tool, dubbed EternalBlue, exploits a
vulnerability in something called the Server

The SMB protocol is basically a system for
sharing file access across a network.

It’s used by lots of people all the time,
and the reason why you might never have heard

of it is that normally, it’s totally safe.

Well, the NSA discovered that in some versions
of Windows, the SMB protocol can be tricked

into accepting packets of data from remote
attackers.

EternalBlue was designed to use that flaw
as a way in.

That’s pretty freaky to think about, but
no one outside of the NSA would have known

about it — and WannaCry might never have
happened — if it weren’t for a leak earlier

In April, the Shadow Brokers, a group of hackers
that’s thought to be tied to Russia, stole

EternalBlue from the NSA and published the
exploit online.

Microsoft quickly released a patch for the
issue for the operating systems they still

officially support, like Windows 7 and Windows
10.

In theory, that should have headed off any
potential problems.

With the patch, EternalBlue would be useless.

But, not everyone actually installs patches
and updates their systems regularly.

I mean, at some point we’ve all clicked
the button saying "tomorrow!

And more than 5% of Windows computers are
still running XP, even though Microsoft stopped

releasing security updates for it three years
ago.

So, people and organizations worldwide were
left with a gaping hole in their cybersecurity,

The UK’s National Health Service hospital
system was especially vulnerable because as

recently as last year, computers in 90% of
NHS hospitals were still running XP.

It’s easy to blame the hospitals for using
a 16-year-old operating system.

Like, it doesn’t seem that hard to upgrade.

From MRIs to microscopes, practically everything
in hospitals uses computer programs, and it’s

often hard to get them to work properly with
newer operating systems.

So upgrading everything would have been a
major IT investment.

The hospitals’ data was all backed up, though,
so within a day of the attack, pretty much

everything was up and running again, no ransom
payments needed.

But just like not everyone downloads and installs
those annoying software updates promptly,

not everyone is as vigilant about backing
up as they should be.

So even though most big organizations were
fine, lots of individual people were losing

That is, until someone discovered that WannaCry
had a major flaw: a kill switch that an anonymous

cyber security expert in England discovered
almost by accident.

The hero, who goes by the name MalwareTech,
was looking through the WannaCry code as it

spread on Friday and found that it was built
to check whether or not a specific gibberish

So he registered the domain name to see what
would happen.

And it turned out to be a kill switch built
in by the ransomware’s creators.

Registering the URL was a signal that stopped
the malware from spreading.

New variants of the malware have popped up
and continued to spread, but they’ve mostly

included their own kill switch domain names,
leading to a game of cyber security whack-a-mole.

It’s not clear why the hackers behind the
attack included this in the code, but we’re

And that’s the thing: the part of the ransomware’s
code that’s based on EternalBlue is really

But according to security experts, having
a kill switch was an amateur mistake.

So was the way the hackers set up their ransom
payment system.

They didn’t code it in a way that let them
keep track of who actually paid the ransom,

and it’s set up so they would have to decrypt
each victim’s files manually.

Which might explain why almost no one seems
to have gotten their files decrypted.

But a more sophisticated attack could have
done a lot more damage.

At this point, there’s no reason anyone
else should be affected by WannaCry or its

copycats: Microsoft released special one-time
patches for old operating systems that are

vulnerable, including Windows XP, so no matter
what you’re running, you’re safe if you

And if you were infected by WannaCry, security
researchers have released tools that can decrypt

your files as long as you haven’t rebooted
your computer.

We still don’t know for certain who was
behind this, and we may never find out.

This won’t be the last time a malware attack
sweeps the planet, though.

Hackers are always finding new vulnerabilities,
and there are always going to be people who

So, WannaCry’s lesson is clear: install
those updates, and back up your stuff.

Thanks for watching this episode of SciShow
News.

Hopefully we don’t have to make another
news episode about a massive computer attack

any time soon, but if you want to learn more
about some really bad ones, check out our

video about the worst computer viruses of
all time.