A month ago on May 12, a large-scale ransomware cyber-attack called Wannacry hit 150 countries and 230,000 computers in the space of a day. Affected users were forced to pay a ransom starting at $300 (Dh1,100) by a specified date — after which the price increased upon failure to pay.
Several major brands, including Britain’s National Health Service, FedEx and DeutscheBahn were simultaneously attacked, resulting in a global epidemic. Wannacry exploits a vulnerability in the Microsoft Windows operating system. Although the software major issued a patch in March, some users have not yet applied it.
#GNTECH attempts to understand Wannacry and its implications.
How does it happen?
Typically, ransomware enters a PC when the user either clicks on a suspicious link, or downloads or copies a document that runs macros on MS Word or through email attachments. However, Wannacry can attack and encrypt a PC even if the user has not actually downloaded anything. The worm encrypts data on the computer and gives the attacker remote access to the computer.
After it encrypts one machine, Wannacry spreads to other computers on the local area network, encrypting machines that have the same vulnerability.
Are you affected?
If you patched your systems with the update Microsoft released in March, you are not prone to this attack and will not be infected. But this doesn’t hold if you do happen to download the ransomware by any of the means mentioned above. The more unpatched machines you have on a network, the more vulnerable you are.
To ensure you are not unknowingly hit by Wannacry, apply the Microsoft security update MS17-010 and disable SMB v1.0 of the Windows OS (Microsoft explains how on its support website).
What data is affected?
Some file extensions that Wannacry encrypts include: ppt, doc, docx, xls, mp4, mkv, zip, tar, rar, dwg, psd, and ai.
How does it affect you?
We take a lot of interest in a new “smart” product such as a smartwatch or TV, because we’re convinced these technologies will improve our lives by connecting with other devices making exchange of information efficient over the internet. But let me ask you, would you want to be locked out of your own house?
That is possible as technologies and devices have security vulnerabilities as many vendors even today do not follow all the steps of the security best practices. So a hacker could hack your smart TV and gain access to your home network to control every device connected to your home network/internet.
But there’s more…
After a security researcher found a kill switch to stop Wannacry, hackers released Wannacry 2.0, but this time there’s no kill switch! So apply the security update without any delay to remove the Windows vulnerability. However, know that you will be protected against Wannacry/Wannacry 2.0 but can still be affected by other ransomwares, Trojans or viruses if you’re not careful.
So stay alert to threats. Keeping your organization or home safe must be
a full-time commitment
and not just a concern during a breach. ■
What can you do?
Here’s how consumers can protect their IOT devices as they protect their personal phones:
1. Apply updates as and when available
2. Understand what information the device
is collecting and where
it is stored. And is the storage secure?
3. Always check before buying an IOT device. Is it prone to an attack or has
it been hacked?
4. Apply strong passwords. Do not make the mistake of leaving a device with its default password as these are very commonly known and easy to crack/guess.
Cyber threats these days are more than just keyloggers (recording keystrokes to steal personal data) or phishing. It is a critical domain that needs to be addressed by enterprise, SMEs and Joe Public. Organizations should train staff on trending cyber threats and how to evade them. A common myth is, “We don’t need security, we’re a small company!” — because these firms don’t think they have anything a hacker could steal. But simple ransomware can lock them out of their machines and halt business. Simple information is asset and if that gets in the wrong hands it could cause a lot of damage financially and otherwise.
Following best security practices and conducting penetration tests (running apps to find vulnerabilities) periodically, as well as to discovering and fixing security loopholes should be performed every now and then. Cybersecurity is all about control!