May 16 2017
By Dave Avran
The identity of whoever deployed the WannaCry software remains unknown to date. The exploits WannaCry uses in the current worldwide attack were drawn from those stolen from the National Security Agency in the US.
Theft of the software was reported in April, when it was published by the Shadow Brokers, a group that has been linked to Russia. One month earlier, Microsoft had released a patch targeting the vulnerability. But the success of the attack shows that not enough people took advantage of the patch.
In Malaysia, two local companies have been hit three days after the malicious software was released on the evening of Friday 12th May, infecting more than 300,000 computers in 150 countries so far.
The first case in Malaysia involved a company director who came across the dreaded ransomware on his personal laptop on Saturday morning. The laptop had to be erased as the person did not want to pay the US$300 (RM1,300) ransom.
The same ransomware appeared on the computer of an automotive shop on Sunday morning. The company didn’t have any backup and might pay the ransom. The global cyber ransomware attack has thus far yielded the hackers less than US$70,000, but the payments have not led to any data recovery yet.
According to Elliptic, a London-based start-up that helps law enforcement agencies track criminals using cryptocurrency, the three Bitcoin wallets known to be associated with the WannaCry ransomware have received less than $70,000 in payments since the cyberattack was released Friday.
One of the main reasons payments have come in so slowly is that many users have never heard of Bitcoin, and most users are confused about how to exchange regular currency for the digital cryptocurrency.
The hackers initially demanded $300 in bitcoin to decrypt users’ data and gave users 72 hours to pay before the fine doubled to $600. Since the ransomware was released Friday, many users had their ransom doubled sometime Monday.
The ransom note indicates that if no payments have been made after seven days, the user would lose all their files.
The ransomware has disrupted telecommunications companies, hospitals, and other organizations. The UK National Health Care Service announced that 48 of its organizations were affected, which resulted in inaccessible computers and telephone service, but with an extremely minimal disruption to patient care.
So how do we protect ourselves from this menace?
Windows users should immediately update their software to avoid the ransomware. In addition to Microsoft’s Security Bulletin MS17-010, which patched the vulnerability in March, the company also issued a separate patch on Friday for users of older and unsupported operating systems such as Windows XP.
Back up your computer and store the backup copy in the cloud or on a drive that is not connected to your computer. Use strong antivirus software. Keep all the software on your computer up to date. Enable automatic updates. Never open attachments in emails from unknown sources. Remember that any account can be compromised. Enable the “Show file extensions” option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from files with extensions like “.exe,” “.vbs” and “.scr.”
If you find a problem, disconnect your machine immediately from the Internet or other network connections including your home Wi-Fi.
All the above precautions are for legitimate versions of operating systems of course. You’re on your own if you’re using pirated software.Th