WannaCry update: No new attack but danger not over yet
On Friday, a massive ransomware attack infected more than 230,000 computer systems across the world. But the danger isn’t over yet: in fact, an expert predicts there may be another attack just around the corner.
“[There is] another one coming…quite likely on Monday”, said the UK cybersecurity researcher, tweeting as @malwaretechblog, who helped halt the spread of the virus by accidentally activating a “kill switch” in the malicious software.
Government agencies, private firms and individuals in 100 countries were affected by the ransomware, known as as WannaCry and variants of that name.
The UK’s National Health Service (NHS), multinational courier delivery services company FedEx and car manufacturers Nissan and Renault were among the worst hit by the attacks carried out using tools stolen from the US National Security Agency (NSA).
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP.
— MalwareTech (@MalwareTechBlog) May 14, 2017
‘Very profitable for criminals’
“We have seen ransomware attacks against the NHS in the past, including Barts Health Trust in January. However, this looks to be more serious and is potentially targeting core systems used by multiple hospitals. Unfortunately, the ransomware ‘business model’ is very profitable for cyber criminals and we’ve seen multiple reports of organisations paying out in the past,” said Rick Holland, Vice President, Strategy, Digital Shadows.
Experts have asked users to patch their systems with security updates. Microsoft has already created security patches for its now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.
“Keeping up-to- date with ransomware is not easy, there are many variants. Many do get shut down and their encryption cracked, only for another version to spring up – therefore, it’s a constant game of constant cat and mouse. Those within the NHS will now be looking to contain the threat. We can only hope that adequate back-up measures have been put in place so vital data can be restored and systems cleaned. Most ransomware locks data rather than steals it – if that is the case here then the threat can be somewhat contained,” Holland added.
Is Middle East safe?
It is not yet clear if any country in the Middle East region has been a victim of the latest cyber-attacks. However, the UAE has confirmed that no cases of malware attacks have been reported in the country.
The Telecommunications Regulatory Authority (TRA) said on Saturday that “The #aeCERT team in the TRA said that so far we have not received any e-government services cases that are affected by the virus.”
The TRA has called on “system administrators to increase the degree of readiness and continuous monitoring of the systems and to inform the authority in case their devices got exposed to the virus.”
More importantly, security experts have always said the countries in the region are highly vulnerable to cyber-attacks and have asked them to step up measures to avoid such instances.
Cyber crime in the Middle East
According to findings from a 2016 PwC survey, cybercrime is the second most reported crime faced by businesses in the Middle East, affecting 30 per cent of organisations. This is higher than world trends; 42 per cent of respondents in the region said they had suffered high or medium level damage to their reputation as a result of cyber-attacks, compared to 30 per cent globally.
American software company Symantec’s latest report revealed that Saudi Arabia was the most targeted country in the Middle East and Africa followed by the UAE for ransomware attacks. The kingdom ranked the 20th in Symantec – Internet Security Threat survey while the emirates came at the 26th spot globally.
Furthermore, credentials of 20,000 GCC employees were compromised and leaked online last year.
Tips to bank on
Here are a few tips from TRA on how to deal with ransomware and other cyber threats:
Thousands of institutions around the world have been subjected to a series of WannaCry ransom attacks over the past few hours, causing their data to be encrypted with a claim for payment. TRA calls on users not to open links and files that they may receive from unknown sources, trying to deceive them to download it and then penetrate their devices.
What is this virus?
It is a malicious program that affects smart phones and computers, encrypts and locks their data so that it can not be accessed until payment is made.
How can the virus penetrate your system?
1. The victim receives a message or link from an anonymous person, the content of the link is a file
containing malicious software.
2. The sender tempts the victim to download the file by deceiving him or her that the message contains
important or personal files.
3. The user uploads the file to his or her smartphone.
4. The virus encrypts important data in the device or encrypts the entire device, so that the user can not
access his or her data.
5. The offender asks the victim for money / a “ransom” in exchange for the decoding of the data and
returning it to its nature.
How do you reduce your risk of exposure to this virus?
– Make sure to back up your device data constantly, to recover it if you are infected with the virus.
– Avoid opening links from unknown sources, and do not upload files sent by anonymous people via e-
– Use anti-virus software and make sure it’s original, and update it constantly
– Update the operating system of your phone and PC continuously, and be sure to update the software
– Avoid access to suspicious sites
– Be sure to download software and applications from their official sources and avoid pirated programs
What to do if your computer gets infected with the virus
– Avoid obeying them. If you pay the required amount, they will continue to extort and ask for more
What to do if your computer is infected with the virus
– Avoid obeying them. If you pay the amount required, they will continue to blackmail you and they'll
ask for more money.
– If the affected device is affiliated to your organisation, inform the IT department directly.
– If the affected device is your personal computer, take it to the authorised dealer.
– Stop operations on the device or network directly and restore the back-up.