Published: Sat, May 20, 2017
Hi-Tech | By Ellis Neal

Ransom virus slowing, cyber security awareness promoted

A group that took credit for leaking NSA cyber spying tools - including ones used in the WannaCry global ransomware attack - has said it plans to sell code that can be used to hack into the world's most used computers, software and phones.

Senior technical director and state informatics officer Ajay Singh Chahal said no websites in Himachal have been affected by the WannaCry ransomware. "We immediately informed our user community to continue to be vigilant with unknown or suspicious attachments". The attack mechanism is a phishing operation that encrypts files using the AES-128 cipher, and demands a ransom ranging from US$300 to $600 in bitcoins in order for the data to be released.

Barlow said backups were key. Though experts claim the situation is under control, they don't rule out the possibilities of more such attacks in the coming days.

The minister said he hadn't got any reports about Indian banking networks and online payment systems being compromised, and declared all government systems and networks run by the National Informatics Centre were completely secure.

The attack stoked fears that the spy agency's powerful cyber weapons could now be turned to criminal use, ratcheting up cyber security threats to a whole new level.

"They're going to end up going above and beyond and some vendors are going to start extending support for out-of-support things that they haven't done before", said Greg Young, an analyst at market research firm Gartner. The fact that there was a "kill switch" in the ransomware, which a researcher was able to activate on Friday, stopping the attack at least temporarily, suggests the coders were sloppy.

Avivah Litan, a cybersecurity analyst at Gartner, agreed that the government "is negligent not doing a better job protecting companies", but added that it's not like "you can stop the US government from developing cybertools" that then work as intended.

The report said that in China, more than 29,000 IPs were infected by the virus from Friday to Saturday, most of which were universities, hospitals, transport systems and companies. The longer you wait, the more you have to pay. But the success of the attack shows that not enough people took advantage of the patch.

"That means it's not just coming in through email".

Here's the link to the official update page by Microsoft, which includes patches for most of the versions.

According to The New York Times, users of Macs or other non-Windows computers were not affected by this. And that may account for why systems are left vulnerable. Once malicious software is in the wild, it is commonly reused by hacking groups, especially nation states trying to leave the fingerprints of another country.

"By prioritizing clinical functionality and uptime, healthcare organizations may not always have the most up-to-date software". The precedent may impact other software sellers, too.

As MalwareTech noted in a blog post afterward, the ransomware was written to connect to an unregistered domain and "if the connection is not successful it ransoms the system, if it is successful the malware exits". In 2017, there are still commercial products that require Windows XP for which few patches are available, he said.

The Vietnam Computer Emergency Response Team (VNCERT), under the Ministry of Information and Communications, has issued warnings as well as offered protection measures to all users to guard against the ransomware and its variations, which target Microsoft Windows - an operating system that is widely used in Vietnam, especially the outdated Windows XP.
