"Ooops, your files have been encrypted!"
That's the message that hundreds of thousands of computer users have been reading since last Friday as the WanaCrypt0r 2.0 ransomware (a version of WannaCry) spent the weekend spreading like wildfire around the world. It's crippled Britain's NHS, and its makers have so far hauled in more than $50,000 in paid ransoms.
Running a virtual machine, absolutely definitely not connected to any network, danooct1 opens up a range of test documents, including images, before running the WannaCry malware. The malware then changes the background on the virtual machine's desktop, locks all of the test files, and leaves a handy text document explaining to the user how to go about obtaining bitcoin to decrypt the files.
"WannaCry has been really interesting because it combines some aspects of worms like Sasser and Blaster/MSBLAST that make it spread incredibly quickly, and the fact that it pushed Microsoft to issue a security patch for unsupported operating systems goes to show how unique and damaging of a threat it is," danooct1 told Motherboard via Twitter DM.
While there are worries that Monday will herald a fresh round of infections to organisations already hit by WannaCry, no reports of substantial attacks have yet surfaced. That's not stopping victims paying the ransom though, despite there being no evidence yet that the WannaCry perpetrators are even unlocking files.
And for danooct1, WannaCry is just another exhibit for his YouTube archive. "I've just always liked malware, and since 2008 it's been a hobby of mine to record what it does and show it to people on YouTube, sort of like a video record of malware from the past," danooct1 said.