An unprecedented global cyber-attack has been underway since Friday of last week, so far affecting more than 200,000 organisations across the globe, from large-scale businesses in Europe on Friday to Japan and China over the weekend. Users affected by this intrusive attack have had their systems locked down, according to reports, with a screen demanding a $300 payout to release their files. The name of this software is WannaCrypt, nicknamed WannaCry as it has been unsympathetic in its attack. To the general Barbadian it may seem as though this attack has little or no effect on them; however, please be advised that it would be unwise to be complacent in the face of this global crisis.
What is WannaCry(pt)?
To answer that question, we must first define what ransomware actually is. Ransomware is any kind of cyber-attack in which hackers take control of a computer system and block access until a ransom is paid. The ransom can take the form of wired cash transfers or, more recently, bitcoin payments. It’s worth noting that cyber criminals can only gain access to a system if the malicious software is downloaded within the given network. This often occurs when the victim unknowingly clicks on a link or innocently downloads the software. After the software gains access to the computer, the hackers can begin an attack to lock down all files within the network. This process is not immediate, however, as the files are encrypted one after the other, which takes time.
WannaCry is a unique ransomware program that locks all data on a computer system, leaving the user access to only two files: the instructions on what to do next (a.k.a. payment) and the WannaCry program. When the software is opened, it tells computer users that their files have been encrypted and gives them a few days to pay up, warning that their files will otherwise be deleted. It demands payment in Bitcoin, the infamous cryptocurrency and digital payment system, gives instructions on how to buy it, and provides a Bitcoin address to send it to. Using Bitcoin for the payment is a tactical move on the part of the hackers because it is pseudonymous: funds are tied not to real-world entities but to Bitcoin addresses, making transactions unregulated and virtually untraceable.
The initial attack was quashed by a security expert in England, who has been hailed as an “accidental hero” for subduing the spread of the initial version of the ransomware late Friday. He noticed an unregistered domain name in the software code of the ransomware; after he bought and registered it, the spread was seemingly halted in its tracks. Such domain names are being called “kill switches” for the malware. Researchers say new variants of the software have a similar kill switch, but they refer to different domains.
“Thankfully some researchers are already registering the new domains as they identify them,” AlienVault researcher Chris Doman says. “The cat-and-mouse will likely continue until [someone] makes a larger change to the malware, removing the kill-switch functionality completely. At that point, it will be harder to stop new variants.”
New variants of this software will keep arising, so to help protect your data from being compromised, follow the steps below to be secure:
- Back up your computer and store the backup copy in the cloud or on a drive that is not connected to your computer.
- Use robust antivirus software.
- Keep all the software on your computer up-to-date. Enable automatic updates.
- Never open attachments in emails from someone you don’t know. And remember that any account can be compromised.
- Enable the “Show file extensions” option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions like “.exe,” “.vbs” and “.scr.”
- If you find a problem, disconnect your machine immediately from the Internet or other network connections (such as home Wi-Fi).
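
To illustrate why the “Show file extensions” tip matters, here is an added example (not part of the original article) that flags attachment names ending in the extensions listed above and shows what Windows would display if extensions were hidden. The decoy list, function names and sample file names are assumptions constructed for this illustration.

```python
from pathlib import PureWindowsPath

# Extensions the article says to stay away from.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Assumed list of harmless-looking extensions used to disguise a risky file.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def normalise(filename):
    # Windows ignores trailing dots and spaces, so "setup.exe " is still an .exe.
    return PureWindowsPath(filename.strip().rstrip(". ")).name


def shown_when_hidden(filename):
    # What the user sees when "Show file extensions" is off: the last
    # extension is dropped, so "invoice.pdf.exe" is displayed as "invoice.pdf".
    return PureWindowsPath(normalise(filename)).stem


def classify(filename):
    # "ok": last extension is not on the risky list
    # "risky": a plainly named executable or script
    # "disguised": a risky extension hidden behind a decoy one
    suffixes = [s.lower() for s in PureWindowsPath(normalise(filename)).suffixes]
    if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTENSIONS:
        return "disguised"
    return "risky"


def scan(filenames):
    # Return (name, verdict, displayed name) for every file that is not "ok".
    return [(f, classify(f), shown_when_hidden(f))
            for f in filenames if classify(f) != "ok"]


if __name__ == "__main__":
    # Constructed sample attachment names, for illustration only.
    samples = ["invoice.pdf.exe", "Holiday.JPG.scr", "update.vbs",
               "report 2017.05.12.pdf", "setup.exe ", "notes.txt"]
    for name, verdict, displayed in scan(samples):
        print(f"{verdict:10} {name!r} (shown as {displayed!r} when hidden)")
```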