It was all over the news on Friday, May 12th:
Hospitals in the UK couldn’t get access to their systems and were turning patients away.
Car factories in France had to shut down.
A Spanish telecommunications company told their employees to shut down their computers.
Computers all over the world were being infected by WannaCry,
a massive hacking attack that caused worldwide computer chaos.
By May 14th, more than 200,000 computers in more than 150 countries had been affected.
And yet, the attack didn’t seem to cause much long-term damage
and the hackers only made about $100,000 in total.
We just witnessed one of the largest and strangest computer attacks ever.
WannaCry is an example of a type of attack called ransomware
where the data on an infected computer is encrypted or scrambled.
In return for restoring access to your files, the hackers demand a ransom payment —
in this case, either $300- or $600-worth of the digital currency bitcoin.
There are lots of kinds of ransomware out there, but WannaCry spread very quickly
using a tool that security experts believe was created by the NSA.
To be clear, the NSA wasn’t interested in ransom, just in snooping,
but they created a tool that took advantage of a security weakness in Microsoft software.
This tool, dubbed EternalBlue, exploits a vulnerability in something called
the Server Message Block, or SMB protocol.
The SMB protocol is basically a system for sharing file access across a network.
It’s used by lots of people all the time, and the reason why you might never have heard
of it is that normally, it’s totally safe.
Well, the NSA discovered that in some versions of Windows,
the SMB protocol can be tricked into accepting packets of data from remote attackers.
EternalBlue was designed to use that flaw as a way in.
That’s pretty freaky to think about, but no one outside of the NSA would have known
about it — and WannaCry might never have happened —
if it weren’t for a leak earlier this year.
In April, the Shadow Brokers, a group of hackers that’s thought to be tied to Russia,
stole EternalBlue from the NSA and published the exploit online.
Microsoft quickly released a patch for the issue for the operating systems
they still officially support, like Windows 7 and Windows 10.
In theory, that should have headed off any potential problems.
With the patch, EternalBlue would be useless.
But, not everyone actually installs patches and updates their systems regularly.
I mean, at some point we’ve all clicked the button saying “tomorrow!
Remind me tomorrow!”
And more than 5% of Windows computers are still running XP,
even though Microsoft stopped releasing security updates for it three years ago.
So, people and organizations worldwide were left with a gaping hole in their cybersecurity,
which WannaCry took advantage of.
The UK’s National Health Service hospital system was especially vulnerable because as
recently as last year, computers in 90% of NHS hospitals were still running XP.
It’s easy to blame the hospitals for using a 16-year-old operating system.
Like, it doesn’t seem that hard to upgrade.
But it’s not that simple.
From MRIs to microscopes, practically everything in hospitals uses computer programs,
and it’s often hard to get them to work properly with newer operating systems.
So upgrading everything would have been a major IT investment.
The hospitals’ data was all backed up, though, so within a day of the attack,
pretty much everything was up and running again, no ransom payments needed.
But just like not everyone downloads and installs those annoying software updates promptly,
not everyone is as vigilant about backing up as they should be.
So even though most big organizations were fine,
lots of individual people were losing access to their data.
That is, until someone discovered that WannaCry had a major flaw:
a kill switch that an anonymous cyber security expert in England discovered almost by accident.
The hero, who goes by the name MalwareTech,
was looking through the WannaCry code as it spread on Friday
and found that it was built to check whether or not a specific gibberish URL led to a live website.
So he registered the domain name to see what would happen.
And it turned out to be a kill switch built in by the ransomware’s creators.
Registering the URL was a signal that stopped the malware from spreading.
New variants of the malware have popped up and continued to spread,
but they’ve mostly included their own kill switch domain names,
leading to a game of cyber security whack-a-mole.
It’s not clear why the hackers behind the attack included this in the code,
but we’re lucky they did.
And that’s the thing: the part of the ransomware’s code that’s based on EternalBlue
is really sophisticated.
But according to security experts, having a kill switch was an amateur mistake.
So was the way the hackers set up their ransom payment system.
They didn’t code it in a way that let them keep track of who actually paid the ransom,
and it’s set up so they would have to decrypt each victim’s files manually.
Which might explain why almost no one seems to have gotten their files decrypted.
So a more sophisticated attack could have done a lot more damage.
At this point, there’s no reason anyone else should be affected by WannaCry or its copycats:
Microsoft released special one-time patches for old operating systems
that are vulnerable, including Windows XP, so no matter what you’re running,
you should be safe if you update.
And if you were infected by WannaCry, security researchers have released tools
that can decrypt your files as long as you haven’t rebooted your computer.
We still don’t know for certain who was behind this, and we may never find out.
This won’t be the last time a malware attack sweeps the planet, though.
Hackers are always finding new vulnerabilities,
and there will always be people who don’t update right away.
So, WannaCry’s lesson is clear: install those updates, and back up your stuff.
Thanks for watching this episode of SciShow News.
Hopefully we don’t have to make another news episode about a massive computer attack any time soon,
but if you want to learn more about some really bad ones,
check out our video about the worst computer viruses of all time.