Desperate attempts to contain the world’s biggest cyberattack appear to be working early Monday.
Just one person in an organisation clicking on an infected attachment or bad link would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response. If that estimate is true, then fewer than 100 of the victims acquiesced to the hackers’ demands. That’s why it’s called ransomware.
A Microsoft guide to how to do this (for Windows 10 machines) can be found here.
The software tools to create the attack were revealed in April among a trove of NSA spy tools that were either leaked or stolen.
WannaCry or WanaCrypt0r or WCry, the ransomware behind the cyber-attacks, is a modified version of Eternal Blue, a government hacking tool that a group known as the Shadow Brokers released into the wild only last month.
Microsoft’s message is clear: authorities need to start thinking about security exploits in the same terms as physical weapons. That prompted the company to issue another patch on Friday for older and unsupported operating systems such as Windows XP, allowing users to secure their systems without requiring an upgrade to the latest operating software.
Consumers are also at risk. “The fact I registered the new kill-switch today to block the new waves of attacks (sinkhole.tech reported to me they are receiving hits) is only a temporary relief which does not resolve the real issue which is that many companies and critical infrastructures are still dependent on legacy and out of support Operating Systems”, Suiche said.
The Prime Minister’s Cyber Security Advisor Alastair MacGibbon and officials from the Australian Cyber Security Centre have launched an investigation into how Australia avoided the worst of the attack, which hit 200,000 companies and organisations in 150 countries by locking computers and holding users’ files for ransom.
Also hit were Deutsche Bahn, the Russian Central Bank, Russian Railways, Russia’s Interior Ministry, Megafon and Telefónica.
Microsoft claims that in March it released a security update to counter these exposed vulnerabilities and urged users to update their systems.
The trust will be reducing the amount of planned services across all its sites to ensure those it does run can be run safely.
Some ransomware is poorly executed, and the files can be recovered – but in many cases, files will be lost unless you have backed up (above).
“More action is needed, and it’s needed now”, he said.
Back up photos and other data in free online services such as Google Drive and Dropbox where possible, and back up your PC regularly. Install all Windows updates.
Sharing his assessment of the ransomware attack in the TechMarketView daily HotViews newsletter, Martin Courtney, principal analyst at the firm, pointed the finger at those public sector organisations still using outdated software.
The attack is unique, according to Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.