Security expert warns Jamaicans against downloading viruses for love of freeness
As computer hackers hold roughly 80 countries ransom ...
ECONOMIC HARDSHIPS faced by Internet users across the globe are being cited as playing a significant role in large numbers of persons falling victim to cyber hackers and scammers.
Local information security consultant Damian Donaldson made the observation in the wake of what is being considered one of the largest cyber-attacks the world has ever seen.
Since last week, hackers have held institutions in roughly 80 countries ransom through a type of malicious software called ransomeware, which prevents computer users from accessing their software files until specified demands are met.
Britain’s public health-care system has been severely affected, having its data seized, forcing information owners to pay large sums before the data is released. Impact has also been felt as far as Russia, and Jamaica’s Technology Minister Dr Andrew Wheatley has indicated that his ministry is monitoring the situation.
NO GUARANTEE OF RELEASE
Yesterday, Donaldson said that even after hackers’ demands have been met, there is no guarantee that the information will be released.
“Basically, you write a programme that bypasses the security weakness on the system, and what they do once they get that on to the system is encrypt, scramble information on the computer, and they tell the owners of the system that you have to pay some money, and if you pay the money, we provide you with the means to decrypt or unscramble the information. It is similar to an extortion racket,” he said.
Donaldson, providing a warning to individuals even though the current hacker activity has primarily affected institutions, noted that persons often have very insignificant defence mechanisms, and, in many cases, gravitate too much towards bootlegging and downloading cracks for software.
“These systems that get attacked, oftentimes, they are not up to date with their security patches and their security updates. Sometimes it is down to user error. People have bad [Internet] behaviour. They go to risky websites. Instead of buying a legitimate copy of Windows, some people would download a bootleg copy. In the bootleg copy, the attackers rig up things to get access to their machines, and, from there, they are able to launch attacks,” he said.
“That’s a big problem, especially in developing countries. You find a lot of that in Asia and among the African nations, where the economic situation is difficult and people are going to rush to get freeness rather than pay the full cost. Computers under control of attackers [have] a lot of bootlegging going on.”
THE CYBERATTACK that spread malicious software around the world, shutting down networks at hospitals, banks and government agencies, was thwarted by a young British researcher and an inexpensive domain registration, with help from another 20-something security engineer in the United States.
Britain’s National Cyber Security Centre and others were hailing the cybersecurity researcher, a 22-year-old identified online only as MalwareTech, who – unintentionally at first – discovered a so-called ‘kill switch’ that halted the unprecedented outbreak.
MILLIONS SAVED
By then, the ‘ransomware’ attack had crippled Britain’s hospital network and computer systems in several countries in an effort to extort money from computer users. But the researcher’s actions may have saved companies and governments millions of dollars and slowed the outbreak before computers in the US were more widely affected.
MalwareTech, who works for cybersecurity firm Kryptos Logic, is part of a large global cybersecurity community which is constantly watching for attacks and working together to stop or prevent them, often sharing information via Twitter. It’s not uncommon for them to use aliases, either to protect themselves from retaliatory attacks or for privacy.
In a blog post on Saturday, MalwareTech explained that he learned on Friday that networks across Britain’s health system had been hit by ransomware, tipping him off that “this was something big”.
He began analysing a sample of the malicious software and noticed its code included a hidden web address that wasn’t registered. He said he “promptly” registered the domain, something he regularly does to try to discover ways to track or stop malicious software.
Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis. The western Michigan resident said he noticed the authors of the malware had left in a feature known as a ‘kill switch’. Huss took a screen shot of his discovery and shared it on Twitter.
Soon he and MalwareTech were communicating about what they’d found: That registering the domain name and redirecting the attacks to the server of Kryptos Logic had activated the kill switch, halting the ransomware’s infections.
A ‘HERO’
Huss and others were calling MalwareTech a hero on Saturday, with Huss adding that the global cybersecurity community was working “as a team” to stop the infections from spreading.
“The ‘hero’ is a bit strong,” MalwareTech said on Sunday. “I sort of did what I could.”
Both said they were concerned that the authors of the malware could re-release it without a kill switch or with a better one, or that copycats could mimic the attack.
“I think it is concerning that we could definitely see a similar attack occur, maybe in the next 24 to 48 hours, or maybe in the next week or two,” Huss said. “It could be very possible.”
Who perpetrated this wave of attacks remains unknown. This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the US, Russia, Ukraine, Brazil, Spain and India.
Europol, Europe’s policing agency, called the attack unprecedented and said computers in more than 150 countries have been affected. Two security firms – Kaspersky Lab and Avast – said Russia was hit hardest.
These hackers “have caused enormous amounts of disruption – probably the biggest ransomware cyberattack in history,” said Graham Cluley, a veteran of the antivirus industry in Oxford, England.