Ransomware attack should be wake-up call for governements

Share

This one worked because of a "perfect storm" of conditions, including a known and highly risky security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business or government networks.

Initial BBC estimates suggest that the hackers may have met with little success from a ransom standpoint, receiving payments of only £22,080. Taiwan, Ukraine and Russian Federation were the major targets, although the virus is spread over a number of countries and the infection of computers over networks can be massive.

Microsoft's Brad Smith.Stephen Brashear/Getty ImagesIn short: A U.S. government cyberweapon was repurposed by criminals to wreck havoc in hospitals and telecoms firms around the world.

As per the advisory issued by CERT-In, the ransomware infects other computers on the same network and is also spreading through malicious attachments to e-mails.

As MalwareTech noted in a blog post afterward, the ransomware was written to connect to an unregistered domain and "if the connection is not successful it ransoms the system, if it is successful the malware exits".

Companies and institutions are often slow to update their computers because it can screw up internal software that is built to work with a certain version of Windows. The tool is called WCRYSLAP and can be found here. "It stops the damage being caused", Hickey told CNNTech. WannaCry encrypts files with a key that only extortionist hackers can access.

More news: Celtics win draft lottery, 76ers to pick third
More news: Slain DNC Staffer Had Contact With WikiLeaks, Say Multiple Sources
More news: HTC U11 wants you to squeeze it

Earlier in the day, central transmission utility Power Grid said it has put sufficient firewalls to deal with the global cyber attack Ramsomware and consumers need not fear sudden outages on that account. But millions of individuals and smaller businesses still had such systems. Turn on auto-updaters where available (Microsoft offers that option). Once your OS of choice falls out of extended support, you'll need to pay Microsoft for a custom support program in which you continue to receive fixes (we have no idea what that costs, but you can bet it ain't cheap).

He added that the Cyber Swachhta Kendra - government's portal on information about cyber security - is being updated on regular basis since Saturday.

Finally, always stay alert.

If you're one of those people, you better get to it because you don't know what might happen come Monday.

The cyberattack highlights how critical infrastructure and major organizations can be harmed by outdated software and technology. Machines that contained the patch are much less at risk than those that didn't.

Share