Things to know about the latest ransomware cyberattacks
15 May 2017, The Borneo Post
The latest wave of ransomware attacks. AFP
It is the start of the new week for most of us, and as you power up those systems at work, be mindful of the cyberattacks that disrupted the world last Friday.
More than 100 countries were hit by the cyberattacks. Among those affected were computer networks at hospitals in Britain, Russia’s interior ministry, the Spanish telecom giant Telefonica, the US delivery firm FedEx and many other organisations.
As reported by AFP, the fast-moving wave of cyberattacks exploited a flaw exposed by leaks of documents from the US National Security Agency.
A hacking group called Shadow Brokers claimed to have discovered the flaw and released the malware, a self-replicating “worm”, in April this year.
The malware is known as WCry, WannaCry or WannaCrypt, employing a technique known as ransomware that locks users’ files unless they pay the attackers a designated sum in the virtual currency Bitcoin.
A message is sent to users demanding payment of $300 in Bitcoin, saying: “Ooops, your files have been encrypted!”
The screen message further says that payment must be made in three days or the price is doubled, and if none is received in seven days, the files will be deleted.
So what exactly does ransomware do?
According to Microsoft Malware Protection Centre, there are different types of ransomware but all of them stop you from using your PC normally, by holding your PC or files “ransom”.
Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. Sometimes they ask users to complete surveys.
Microsoft cautioned, however, that there is no guarantee that paying the fine or doing what the ransomware tells you will give you access to your PC or files again.
Any PC user can be a target, whether it is a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
The latest wave of ransomware mostly attacks Windows XP, which prompted Microsoft to re-release security updates for some of its older versions of Windows platforms.
In the wake of the unprecedented attacks, a cybersecurity researcher became an ‘accidental hero’ after discovering a kill switch that could prevent the spread of the ransomware.
Known only by the Twitter handle @MalwareTechBlog, the researcher warned that while the first version of WannaCrypt was stoppable, this does not prevent the hacking group from trying again with a flawless version 2.0.
“It’s very important everyone understands that all they need to do is change some code and start again. Patch your systems now!” – @MalwareTechBlog urged in a tweet on Saturday.
As Microsoft pointed out in the FAQs on its website, it can be very difficult to restore your PC after a ransomware attack – especially if it is infected by encryption ransomware.
Microsoft asserted that the best solution to ransomware is to be safe on the Internet and with emails and online chat, by not clicking a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
Although the Malaysian Communications and Multimedia Commission (MCMC) said no such attack has been reported in Malaysia so far, it is best to stay vigilant.
The Malaysia Computer Emergency Response Team (MyCERT) under CyberSecurity Malaysia also issued an advisory on its website on Saturday, urging users to review and patch the vulnerability in their systems and to take the necessary preventive measures to protect their computers.