Daily Bulletin


The Conversation

  • Written by David Glance, Director of UWA Centre for Software Practice, University of Western Australia
image

A massive malware attack was launched on Friday, affecting at least 75,000 computers in 99 countries. Computers running Microsoft Windows were infected with “WanaCrypt0r 2.0 or WannaCry” ransomware. Once infected, all of the files on the computer are encrypted by the malware, which then displays a ransom demand of between US $300 and $600 in bitcoin that needs to be paid before the files can be decrypted.

The WannaCry ransomware is being spread through a weakness in Microsoft Windows that was originally exploited by the US National Security Agency (NSA) as part of their arsenal of cyberweapons in a tool called “Eternal Blue”. Unfortunately, this tool, along with many others, was stolen by hackers and leaked to the world in April 2017 by a hacker group calling themselves the “Shadow Brokers”.

Microsoft had already released a fix for the Eternal Blue vulnerability in March, but the extent of the WannaCrypt attack has highlighted how many organisations have failed to apply the fix, or are running copies of Windows that are so old that there wasn’t a fix for them.

Russia, Ukraine and Taiwan have been the countries most affected by the attack. In the UK however, the attack hit Britain’s National Health Service badly enough that services to patients were disrupted.

At the time or writing, one of the bitcoin addresses used by the malware showed that only a few people had paid the ransomware so far but the number has been slowly ticking up.

The spread of the first wave of WannaCry ransomware may have been halted by a cybersecurity researcher who, by registering a domain with a particular name, effectively activated a “kill switch” in the malware software that stops it from spreading further.

Ransomware has become the biggest threat to organisations and governments trying to protect critical infrastructure. According to a study by IBM ransomware attacks increased by 6,000% in 2016 and at least 40% of spam emails now carry ransomware. The study also found that 70% of businesses infected with ransomware would pay the ransom. In many cases, this is because they either did not have backups, or they believed it was a faster way of getting their business back up and running.

The NHS has come in for particular criticism about the consequences of the attack because they knew about the risks and had been warned repeatedly to take steps to protect their networks and computers.

Finding out who was behind the malware is going to be very difficult. The malware communicates using the anonymising Tor network and demands payments in the equally anonymous currency, bitcoin, making tracing those behind the attack more complicated.

The NSA has also been held partly to blame for the attack because it had not alerted Microsoft about the weakness in its system until the NSA’s software that exploited it had been stolen and leaked to the public. Had the NSA told Microsoft when it discovered the weakness, the patch to fix the vulnerability would have been available in enough time for even the slowest of organisations to have patched their computers.

Ironically, large scale attacks such as these do have the effect of highlighting the threat of malware attacks and cybersecurity in general. This is true at the national level as well as amongst businesses. The frequency and scale of attacks also gives us a measure of how effectively companies and countries are prepared for cybersecurity attacks of any kind. Governments can act to enforce cybersecurity protective measures on companies, especially those that provide critical services or infrastructure. They can also act to direct their security services to disclose weaknesses in software systems, rather than keeping them secret in order to exploit them themselves against some future enemy.

Companies and their employees can help protect themselves from future attacks of ransomware by taking the following steps:

  1. Back up computers. This doesn’t protect a computer from an attack, it merely renders an attack ineffective because it is easy to re-install the system from a backup.
  2. Don’t click on links in emails unless you are expecting the email to contain a link. If you don’t know, double check with the sender. Equally, if you open a document and it asks to run macros, just say no. Avoid putting people into this situation in the first place by not sending links unless you have agreed prior to sending the email.
  3. Always update systems and software with the latest security updates. Better still, set the system to automatically do this on your behalf.
  4. Use antivirus software to protect systems.
  5. If infected, disconnect the computer from the network so that other computers are not infected.

Authors: David Glance, Director of UWA Centre for Software Practice, University of Western Australia

Read more http://theconversation.com/massive-global-ransomware-attack-highlights-faults-and-the-need-to-be-better-prepared-77673

Writers Wanted

Heading back to the playground? 10 tips to keep your family and others COVID-safe

arrow_forward

Qatar expresses 'regrets' for 'any distress' to women invasively searched in baby incident

arrow_forward

Education & More – Family Tips on How to Settle in Bangkok

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Business News

AppDynamics Solves Visibility Gap Between Traditional Infrastructure and Cloud Environments

New Full Stack Observability Platform, Integration With Cisco Intersight Workload Optimizer and Cloud Native Visualisation Features Provide Cross Domain Insights and Analytics of Business Perfor...

Hotwire Global - avatar Hotwire Global

Why Your Small Business Should Bulk Buy Hand Sanitiser

As a small business owner, employee and customer safety is at the very top of your priority list. From risk assessments to health and safety officers, appropriate signage and proper briefing...

News Co - avatar News Co

How Phone Number Search In Sydney Can Help Your Business

To run a successful business, keeping track of your company and competitors are the major factors. With a lot of tools, available businesses have options to stay current. One way in which busine...

News Co - avatar News Co



News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion