What you need to know about ransomware attacks


More than 230,000 computers in 150 countries have been hit
by a cyberattack that encrypts data until a ransom
has been paid. It’s thought to be the biggest in history, with
India, Taiwan, and several European countries being the
worst affected.

If you use a Mac,
you have nothing to worry about for now, since this particular
“ransomware” only targets Windows PCs. However, the number of
attacks built for macOS is rising at a rapid rate every
year.

So, what exactly is ransomware, and how can it be avoided?
Here’s what you need to know.


This widespread attack first surfaced in London on Friday
morning, with the UK’s National Health Service (NHS) one of the
biggest organizations to be hit. It then made its way to more
than 150 countries, putting businesses small and large on their
backs.


It is believed that the team behind
the attack, known as “WannaCrypt” or “WannaCry,” have only
received around $32,000 in ransom fees so far, but it is
estimated that hundreds of millions of dollars have been lost
as a result of computer outages.

Microsoft has described the attack as a “wake-up call,” and it
blames governments for “stockpiling vulnerabilities” in software
that allowed the ransomware to be created.


Here’s what we know about it so far.

What is ransomware?


Ransomware is a type of malicious software that encrypts the
data on an infected computer and prevents the user from
unlocking it until a ransom fee has been paid. In some cases,
ransomware can lock down an entire hard drive, making it
impossible to recover any data.

Until the system has been unlocked, a message is displayed that
demands payment for the decryption key. Attackers typically
want this payment in the form of bitcoins, which prevent the
money from being traced. The vast majority of ransomware
attacks are designed for Windows, which has a significantly
greater market share than macOS. However, as Apple computers
become more popular, the number of attacks targeting Mac users
is growing at an unprecedented rate.

Back in April, the latest Threats Report from McAfee Labs
revealed that the number of malware attacks built for macOS
skyrocketed 744 percent in 2016, with around 460,000
instances of software identified. Fortunately, the vast
majority of this is adware, which is nowhere near as
harmful.

How is ransomware spread?

Just like a lot of malware infections, ransomware is spread by
phishing emails. A seemingly innocent file is attached to a
message and an unsuspecting user opens it, believing it to be
genuine. The malicious software can then carry out its attack
and the user knows nothing about it until it’s too late.

It is believed the WannaCry attack took advantage of an exploit
called EternalBlue, developed by the U.S. National Security
Agency (NSA), which allows it to be spread through a network.

This means that once the software has been installed on one PC,
it can spread itself to others on the same network without
having to be opened manually on each computer.

How can you avoid it?

The simplest way to avoid ransomware is to keep your computer
up to date. Software vendors typically issue patches for big
vulnerabilities — like MS17-010, the one exploited by
WannaCry — soon after they are identified, and installing
those patches ensures your computer is safe.

Believe it or not, Microsoft patched vulnerability MS17-010
back in March, and categorized the update as “critical.”
Despite this, many organizations had failed to apply it,
leaving their machines vulnerable. PCs running older
operating systems, like Windows XP, were also at risk.

Since WannaCry was identified, Microsoft has taken the unusual
step of patching both Windows XP and Windows Server 2003 —
despite dropping support over two years ago — to prevent
further outbreaks.

You can also bolster your security by running a reputable
antivirus program. These can identify certain attacks as soon
as they are downloaded and block them before they get a chance
to do any damage. But antivirus won’t always save you. Just as
quickly as these programs are updated to fight off the latest
attacks, hackers are developing new ones that will initially go
undetected.

What is being done about WannaCry?

In a nutshell, there’s very little that can be done with
computers that are already infected. Experts will be looking at
ways in which they can kill it and decrypt systems without
paying the ransom fee, but it’s not yet clear if that’s
possible.

As mentioned above, Microsoft already addressed the
vulnerability exploited by WannaCry back in March, so
up-to-date PCs will be immune to it. It has also issued updates
for Windows XP and Windows Server 2003 to prevent further
attacks.

A 22-year-old security researcher from England inadvertently
found a kill-switch in WannaCry that prevents it from
spreading. All he had to do was register a “very long
nonsensical domain name that the malware makes a request to,”
which closed it down.

The kill-switch was baked in by the ransomware’s creator in
case they wanted to prevent it from spreading. The software
checks the domain and if it identifies it as active, it
immediately stops trying to make its way to other
machines.

The domain cost the researcher, identified only as MalwareTech,
just $10.69, and it was immediately registering thousands of
connections every second, according to The Guardian.
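
Because the malware makes a request to the kill-switch domain, a
machine on your network that looks that domain up is worth
investigating. The following is an added example, not code from
the article or from MalwareTech: it scans constructed DNS
resolver log lines for such lookups. The domain is a placeholder
(the article does not give the real one), and the log format is
an assumption.

```python
# Placeholder: the article does not give the real kill-switch domain.
KILLSWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log lines (assumed format):
# "<ISO time> <client IP> <query name> <record type>"
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 www.example.org. A
2017-05-12T09:14:05Z 10.0.4.23 KillSwitch-Placeholder.example. A
2017-05-12T09:14:09Z 10.0.4.23 killswitch-placeholder.example A
truncated line
2017-05-12T09:15:41Z 10.0.7.88 killswitch-placeholder.example. A
2017-05-12T09:16:00Z 10.0.4.17 notkillswitch-placeholder.example. A
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def find_killswitch_clients(log_text, domain=KILLSWITCH_DOMAIN):
    """Return {client_ip: {"first_seen": ts, "count": n}} for every host
    that looked up the kill-switch domain. Malformed lines are skipped."""
    target = normalize(domain)
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # not a complete log record
        ts, client, qname, _qtype = fields
        if normalize(qname) != target:
            continue  # exact match only; look-alike names are ignored
        entry = hits.setdefault(client, {"first_seen": ts, "count": 0})
        entry["count"] += 1
    return hits


if __name__ == "__main__":
    for client, info in find_killswitch_clients(SAMPLE_LOG).items():
        print(f"{client} first_seen={info['first_seen']} lookups={info['count']}")
```

A hit is a lead for triage rather than proof of infection, since
anyone researching the outbreak may also resolve the name.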

But this kill-switch doesn’t spell the end of WannaCry.

“This is not over,” warns MalwareTech. “The attackers will
realise how we stopped it, they’ll change the code and then
they’ll start again.”

Who has been affected by WannaCry?

The long list of businesses and organizations affected by
WannaCry, according to Wikipedia, includes:

  • PetroChina
  • Public Security Bureau
  • Renault
  • Portugal Telecom
  • Ministry of Foreign Affairs
  • MegaFon
  • Ministry of Internal Affairs of the Russian Federation
  • Russian Railways
  • Telefónica
  • National Health Service
  • NHS Scotland
  • Nissan U.K.
  • FedEx
  • Massachusetts Institute of Technology
  • Saudi Telecom Company
  • Hitachi

In the U.K., it is believed 70,000 pieces of equipment owned by
the NHS have been impacted by the attack, including computers,
MRI scanners, blood-storage refrigerators, and theater
equipment. Some services and non-critical operations have had
to be postponed as a result.

A Nissan factory in Tyne and Wear was forced to halt production
after the attack infected some of its systems, while Renault
also ceased manufacturing at several sites to prevent the
spread of infection.

A wake-up call

In a blog post published by Microsoft on Sunday, the company
describes this attack as a “wake-up call.” The company
criticizes the NSA for being the source of the vulnerability,
and for hoarding vulnerabilities for its own gain. It
also insists governments should be doing more to prevent
similar attacks.

Microsoft calls on governments to consider the “damage to
civilians that comes from hoarding these
vulnerabilities.” It wants them to adopt the Digital
Geneva Convention with “a new requirement for governments to
report vulnerabilities to vendors, rather than stockpile, sell,
or exploit them.”

“We should take from this recent attack a renewed determination
for more urgent collective action,” the company concludes. “We
need the tech sector, customers, and governments to work
together to protect against cybersecurity attacks. More action
is needed, and it’s needed now.”