It’s amazing how humans can make something bad out of something good, and hackers have done just that when it comes to the Internet and virus protection. The fact that almost everyone has a computer or access to the Internet and relies on it so heavily in everyday life, leaves us all highly vulnerable to the vagaries of viruses, worms, ransomware and the like.
And rightly so, since not only our personal and work computers contain important data but companies, government organisations and the military rely so heavily on technology to store highly sensitive and secret files that it’s no wonder we’re all a little jittery after the recent WannaCry circus.
In the scary world of cybercrime, that word ‘ransomware’ is the one instilling so much fear after the recent WannaCry blitz that saw an estimated 300,000 computers affected globally. And not just any old computers, either. Hundreds of hospitals and clinics in the British National Health Service were affected and a Jakarta hospital (in Indonesia) said the worm had infected 400 of its computers, interrupting patient registration and records.
Car maker Renault managers had to stop manufacturing at plants in Romania and France. The Nissan plant in Sunderland, northeast England was affected, as were international shipper FedEx Corp and German rail operator Deutsche Bahn, all of this sending a ripple of panic everywhere.
How did it happen? Well, it seems the attack from the encryption based ransomware worm (also called Wanna Decryptor or WCRY) made use of a hacking tool created by the US National Security Agency (NSA) for use in catching cyber criminals and for spying that was somehow leaked onto the net. Gee, thanks.
In the past WannaCry ransomware assaults victims received ransom notes in txt files demanding ‘!Please Read Me!’, with links showing how to get in touch with the hackers. The ransomware changed the wallpaper on computers with messages telling the victim to download the ransomware from Dropbox. They then usually demand $300 in bitcoin (cryptocurrency, a digital payment system) to get it to work. Once it infects a system WannaCry ransomware makes encrypted copies of certain file types before ditching the originals, leaving the victims with the encrypted copies that they cannot open without a decryption key.
Call it sheer luck but WannaCry lost its steam after a security researcher took over a server which was associated with the attack. His actions crippled a feature that allowed the worm to spread across infected computer networks. And it was fortunate that the UK-based researcher, who didn’t wish to be named (but tweets as @MalwareTechBlog) found a way completely by chance to temporarily limit the worm’s sweep by registering a web address to which he noticed the malware was attempting to connect.
One wonders where these hackers will strike next. The latest news is that since the WannaCry attacks a new flaw has been found in free networking software used widely and called Samba, developed for Linux and Unix computers, opening up countless computers to risk. This ‘hole’ in the software was easily exploited, with researchers developing malware in only 15 minutes.
The US Department of Homeland Security announced the exposure and urged users and administrators to employ a patch. There are apparently still some problems that haven’t been solved since WannaCry. But after the global WannaCry attack, Microsoft issued a fix for versions of Windows it had ‘retired’ and were no longer supported. These were such versions as Windows XP which is still widely used, so if that’s you, update your system to the latest version ASAP.
But it is easy to protect your computer. Just get serious about regularly backing up your data and avoid clicking on links from strange or unknown sources.
If you’re struggling to deal with ransomware, worms, computer viruses or anything at all to do with computers, contact Catalyst Computers and they’ll clean up any malicious software and have measures put in place to stop it happening again. They can also educate users on how to avoid re-infection.
For a rapid, on-site response call Catalyst on 02 9160 0335.