Earlier this month, hundreds of thousands of computers in more than 150 countries were locked after ransomware attack WannaCry spread like wildfire.
The attack, which exploited a vulnerability in Windows originally uncovered by the National Security Agency, impacted operations in businesses across the globe, from England’s National Health Service to FedEx. Affected users were confronted with an alert that their files had been encrypted, along with a demand for $300 to restore them.
Ransomware, a form of malicious software that locks and sometimes encrypts the victim’s computer or phone until a ransom is paid to unlock it, has gained notoriety in recent years, following infamous examples like CryptoLocker and Locky. And in the case of WannaCry, the ransomware was combined with another form of malware—a worm—that helped it quickly and autonomously spread from machine to machine.
Worms are self-replicating computer programs that exploit vulnerabilities in operating systems with the intent of spreading malicious code. They use networks to send copies of the original code to other computers, thus rapidly spreading infections.
Worms were born out of a college experiment, says Troy Gill, manager of security research at email security company AppRiver. The Morris worm, which is largely considered the first of its kind, was written by a graduate student at Cornell University in 1988 to gauge the size of the Internet. Instead, the code significantly slowed down machines to which it spread, rendering them useless.
“Since then, worms have progressed into being the vector of cybercrime and now, almost exclusively, they’re used for malicious purposes,” Gill says.
While worms share many similarities with viruses—and are often confused with them—the key difference is in how they spread.
A worm does not need human help to spread, nor does it infect other files, Troy says. It will install itself once on a computer, then look to infect other computers on the network. It’s also a separate, standalone file—it doesn’t need a host program in order to run, replicate, or propagate. Viruses, on the other hand, require the spreading of an infected host file.
“Businesses were affected by WannaCry because a worm exploited a vulnerability in Microsoft’s Server Message Block and searched for other computers with the same vulnerability,” says Sean Sullivan, security adviser at antivirus and security company F-Secure.
While it’s clear that a worm was used to spread WannaCry, it’s often difficult to know when you’ve been infected with a worm, Gill says.
“It might be running slower than normal, freezing, crashing, have issues launching programs, or have browser performance problems,” he says. “Another sign is having your computer run in startup mode when it never did before. Most people don’t notice that.”
Because worms spread through system vulnerabilities and not through actions you take—such as opening an email attachment that contains malware, for example—it’s impossible to completely safeguard against against them, Gill and Sullivan say. Nevertheless, there are some measures you can take to ensure that you’re as protected as possible.
First, Sullivan says, make sure that you have up-to-date security software installed on your computer. Second, always download software updates, which often include patches, when they become available. And if you can, change your settings to enable automatic updates.
“Software vendors are patching and updating and closing security holes. If you’re not taking advantage of that, you’re leaving yourself very vulnerable,” he says. “Don’t put these things off. It’s worth taking the time to just do it when you see the alert so you don’t risk being compromised.”
Finally, Gill adds, habitually back up your essential files on a device that doesn’t connect with your home network.
If you suspect that you’ve been infected with a worm, use antivirus software to run scans to identify the infection and remove it, Gill says.
“Wipe your device clean, and start over. It’s a temporary hassle and painful to put passwords back in, but it’s a surefire way to ensure you’re safe.” At the very least, he adds, if you’re affected by ransomware like WannaCry that’s spread through worms, you’ll have a backup of your most important files.
“Worms have an oversized presence,” Sullivan says. “We’ll see many instances of WannaCry wanting to spread—it’ll undoubtedly be around for many more years. All it takes is one dormant machine with vulnerabilities to be booted up in the wrong place.”