As of writing this, all infosec eyes are on what will happen with the WannaCry ransomware worm.
Will it continue to spread, and who will get it next? Will the criminals who wrote the worm alter their code to get around the "kill switch" that an anonymous British security researcher found, and which slowed down the spread of WannaCry?
Will copycats snag the code and make something even worse than WannaCry? Actually, the answer to that is "yes"; it's almost certain there will be even nastier malware.
WannaCry is as bad as it is due to a combination of factors: it's destructive and encrypts your files like past ransomware, but it also replicates itself and spreads very fast on networks, looking for vulnerable Windows computers.
Those computers are often found in cash-strapped organisations like health authorities, where WannaCry has already locked doctors out of patient files. Then there are vulnerable embedded systems in diagnostics and treatment systems, which could also be shut down by WannaCry.
Small-to-medium-sized businesses are also in WannaCry's crosshairs, so to speak, as they too try to make the most of old systems and don't update or upgrade them.
In both cases, a WannaCry attack could be devastating, causing firms to fold and even leading to loss of life.
How did we end up with this mess?
WannaCry came about because the cyber spies at the United States National Security Agency either discovered or purchased knowledge about how to use two serious flaws to gain access to Microsoft's Windows operating system.
Unfortunately for all of us, hackers stole the "exploits" for the bugs in Windows, and incorporated them into the horrendously effective WannaCry malware.
Infosec professionals have long debated whether spy organisations like the NSA should be allowed to hoard vulnerabilities to be used offensively. On the one hand, national security is at stake; on the other hand ... well, national security is also at stake if the exploits leak out and fall into the hands of criminals. Like they did with WannaCry.
Microsoft, which has been at the forefront of this, has had enough and says the exploit stockpiling by spies must stop.
Its chief legal officer Brad Smith compared the leaks to the US military having some of its Tomahawk missiles stolen, which is probably not as hyperbolic as it first seems, given that old versions of Windows control some weapons systems as well as hospital computers.
Such a convention would force governments to report security flaws to vendors so that they could be fixed, rather than keep quiet about them in order to use them against adversaries.
We'll see how far that proposal goes, but WannaCry has undeniably holed most of the arguments that governments should be allowed to keep cyberweapon arsenals - because they can't keep these safe, and with the internet reaching billions of people around the world, the risk of mass destruction is immense.
Users need to take responsibility too
WannaCry wouldn't have been the wildfire menace it is if everyone had patched Windows on their computers, or upgraded to a newer version of Microsoft's operating system.
Microsoft was swift to release patches for the NSA exploits used by WannaCry, and for supported versions of Windows, they've been available for over two months already.
Not patching computers threatens more than just your data - as WannaCry has shown, the latest digital nasties spread fast and easily via networks. Unpatched systems can and will cause damage to others around them.
Then there are the many, many people and organisations that still run old and unsupported versions of Windows. You've been warned what could happen, and here it is: WannaCry scrambling the data you depend on.
Please, if you run old and unpatched software, think of others and update straightaway.
The internet is a very hostile environment in 2017, and you will get attacked, indirectly or directly.
Protecting against WannaCry and other malware wannabes
Update all your systems frequently - this includes not just your computers, but network gear, routers, internet gateways, smartphones, everything that you use.
Don't hope for the best and use old gear. Once tech is past its use-by date, it'll be dangerous.
Back up often, and make sure everything important is included. Make sure that you keep good copies of your data, and don't accidentally overwrite it with bad stuff... like ransomware encrypted files.
Simplify your IT. If you don't know what some piece of hardware or software does, or if it's not needed, out it goes. One less thing to worry about.
Use a hardware or software firewall, to control what you send to, and receive from, the internet.
Be careful where you go on the internet. There are some very dark and dangerous corners on it, where you will be mugged. Likewise, don't open files that were emailed or sent via another method willy-nilly. Use cloud storage with anti-virus scanning abilities to share files.