Ransomware increased 35% last year.
More alarming is the continuing rise in both the sophistication and the mass distribution of ransomware.
Ransomware can bring your business to a halt and cause significant financial damage.
Unlike the stealthier advanced attacks that can stay undetected on a corporate network for months, the impact of ransomware is immediate and intrusive.
Cyber attackers don’t need a lot of money, resources or technical sophistication to use ransomware.
Today’s headlines:
Hospitals across the country hit badly by attack
Nearly 100 countries affected
Fears of chaos over weekend
Cyber attack hits German train stations as hackers target Deutsche Bahn
The Russian-linked cyber gang Shadow Brokers was blamed. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria. The exploit was leaked last month as part of a trove of NSA spy tools. The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. The ransomware, called “WannaCry,” spreads by taking advantage of a Windows vulnerability for which Microsoft released a security patch in March.
Affected machines have six hours to pay up, and every few hours the ransom goes up.
The global cyber attack crippled services on Friday (yesterday). The U.K. health service faces a weekend of chaos after hackers demanding a ransom infiltrated the health service’s antiquated computer system. Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.
Medics described how computer screens were “wiped out one by one” by the attack, which spread to companies and institutions worldwide, including international shipper FedEx Corp in the US and Germany’s rail operator. Spain’s largest telecom operator, Telefónica, was also affected. Spanish authorities confirmed the ransomware is spreading through the vulnerability, called “EternalBlue,” and advised people to patch.
Helsinki-based security software maker Avast said it had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets. Megafon, a Russian telecommunications company, was hit by the attack.
The ransomware is automatically scanning for computers it can infect, whenever it loads itself onto a new machine. It can infect other computers on the same wireless network. It has a ‘hunter’ module, which seeks out PCs on internal networks, so, if your laptop is infected and you go to a coffee shop, then it will spread to PCs at the coffee shop and from there, to other companies.
The sad part of the NHS tale is that Microsoft provided free software to protect computers in March, which raises questions about why the NHS was still vulnerable. It seems that many trusts were using obsolete systems, while others failed to apply recent security updates. Indeed, there are estimates that 90 per cent of NHS trusts in the UK are still using Windows XP – a now unsupported, 16-year-old operating system, introduced before 2007, which is particularly vulnerable.
Unknown attackers deployed a virus targeting Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren’t updated after March 14 with the MS17-010 patch were affected; this patch resolved an exploit known as EternalBlue, once a closely guarded secret of the National Security Agency, which was leaked last month by Shadow Brokers, a hacker group that first revealed itself last summer. The ransomware, aptly named WannaCry, did not spread because of people clicking on bad links. The only way to prevent this attack was to have already installed the update.
Through the EternalBlue exploit, the malware installed an NSA backdoor payload called DoublePulsar, and through it went WannaCry, which then spread rapidly and automatically to other computers on the same network. “Whereas ransomware such as Locky normally requires user interaction, such as opening a Word document, WannaCry has the capability to spread automatically. Thankfully a weakness in the method of propagation has allowed researchers to take control of a piece of attacker infrastructure and limit new infections – otherwise it could have been even worse.”
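A defender's view of the automatic spreading described above, as an added example that is not part of the original article: a worm that scans for SMB hosts makes one machine contact many different peers on TCP port 445 in a short time, which stands out in network flow logs. The flow records, the 60-second window and the threshold of 5 distinct peers are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                   # SMB over TCP
WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 5                    # assumed: distinct SMB peers per window

# Constructed flow records: time, source, destination, destination port.
SAMPLE_FLOWS = """\
2024-01-08T09:00:01,10.0.0.23,10.0.0.5,445
2024-01-08T09:00:20,10.0.0.23,10.0.0.5,445
2024-01-08T09:00:02,10.0.0.40,10.0.1.1,443
2024-01-08T09:00:03,10.0.0.40,10.0.1.2,443
2024-01-08T09:00:10,10.0.0.77,10.0.0.1,445
2024-01-08T09:00:11,10.0.0.77,10.0.0.2,445
2024-01-08T09:00:12,10.0.0.77,10.0.0.3,445
2024-01-08T09:00:13,10.0.0.77,10.0.0.4,445
2024-01-08T09:00:14,10.0.0.77,10.0.0.5,445
2024-01-08T09:00:15,10.0.0.77,10.0.0.6,445
2024-01-08T09:00:00,10.0.0.50,10.0.0.1,445
2024-01-08T09:05:00,10.0.0.50,10.0.0.2,445
2024-01-08T09:10:00,10.0.0.50,10.0.0.3,445
2024-01-08T09:15:00,10.0.0.50,10.0.0.4,445
2024-01-08T09:20:00,10.0.0.50,10.0.0.5,445
"""

def smb_fanout_alerts(flow_csv, window=WINDOW, threshold=THRESHOLD):
    """Return {source: peak count of distinct SMB destinations inside any
    window} for every source whose peak reaches the threshold."""
    recent = defaultdict(list)   # source -> [(time, destination)] still in window
    peak = defaultdict(int)      # source -> highest distinct-peer count seen
    # Same-format ISO timestamps sort chronologically as plain strings.
    rows = sorted(row for row in csv.reader(io.StringIO(flow_csv)) if row)
    for ts, src, dst, dport in rows:
        if int(dport) != SMB_PORT:
            continue             # only SMB traffic is of interest here
        now = datetime.fromisoformat(ts)
        # Drop this source's connections that have aged out of the window.
        recent[src] = [(t, d) for t, d in recent[src] if now - t <= window]
        recent[src].append((now, dst))
        peak[src] = max(peak[src], len({d for _, d in recent[src]}))
    return {src: n for src, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for src, n in smb_fanout_alerts(SAMPLE_FLOWS).items():
        print(f"ALERT {src}: {n} distinct SMB peers within {WINDOW}")
```

A client that keeps talking to one file server, a host fanning out on port 443, and a host that reaches five SMB peers over twenty minutes all stay below the threshold; only the rapid fan-out on port 445 is flagged.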
Microsoft said yesterday that it is pushing out automatic Windows updates to defend clients from WannaCry.
What is ransomware?
Malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it.
Where did ransomware originate?
The first documented case appeared in 2005 in the United States, but quickly spread around the world.
How does it affect a computer?
The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on it – such as photographs, documents or music.
How can you protect yourself?
Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection.
How much are victims expected to pay?
The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back.
If you think you might be vulnerable to WannaCry, or you don’t remember installing any updates over the past month, then your first step is to address that issue immediately.
This is the most critical Windows patch since Conficker, which was one of the largest similar infections to date.
Despite having been patched nearly a decade ago, the Conficker worm is still in circulation and can be found everywhere. WannaCry, too, is going to be on networks for years.
The importance of downloading and installing security updates (as opposed to just clicking “remind me tomorrow” for several weeks in a row) cannot be overstated.
Just ask the patients of the 16 hospitals in England whose delay in care could have been easily avoided.