How Ransomware attack exposed online records vulnerability
The ransomware attack that wreaked immeasurable havoc on internet and computer systems across the world has exposed the vulnerability of millions of online records.
The attack exploited the vulnerabilities in the Microsoft Windows Operating System, especially unsupported Windows XP, Windows 8, and Windows Server 2003.
Though slowing down now, the WannaCry attack had hit 150 countries, including Russia, China and the United Kingdom, and over 300,000 computer systems.
But security experts last week warned of an imminent comeback by another ransomware variant that would be more destructive than WannaCry and even more difficult to curtail.
The WannaCry attack, which used tools believed to have been stolen from the US National Security Agency (NSA), came to light on the penultimate Friday, when many organisations noticed disruption in their online activities.
Among the worst hit was the National Health Service (NHS) in England and Scotland, according to media reports.
The malware spread quickly, with medical staff in the UK reportedly seeing computers go down "one by one".
NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer.
Some media reports said Russia was hit hardest by the infection. Domestic banks, the interior and health ministries, the state-owned Russian railway firm and the second largest mobile phone network were all reported to have been hit.
Russia's interior ministry said 1,000 of its computers had been infected but the virus was swiftly dealt with and no sensitive data was compromised.
In Spain, a number of large firms, including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural, were also hit, with reports that staff at the firms were told to turn off their computers.
France's car-maker Renault, Portugal Telecom, the US delivery company FedEx and a local authority in Sweden were also affected.
China has not officially commented on any attacks it might have suffered, but comments on social media said a university computer lab had been compromised.
The infections seem to be deployed via a worm, a programme that spreads by itself between computers.
Most other malicious programmes rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code, according to reports.
By contrast, once WannaCry is inside an organization, it will hunt down vulnerable machines and infect them too.
Some experts said the attack might have been built to exploit a weakness in Microsoft systems that had been identified by the NSA and given the name EternalBlue.
The NSA tools were stolen by a group of hackers known as The Shadow Brokers, who made them freely available in April, saying it was a "protest" about US President Donald Trump.
At the time, some cybersecurity experts said some of the malware was real, but old.
A patch for the vulnerability was released by Microsoft in March, which would have automatically protected those computers with Windows Update enabled.
A Microsoft enterprise partner in Nigeria, last week, issued a WannaCry ransomware advisory to its clients and key users of Windows applications across the country.
Speaking on the advisory, Kelechi Agu, Technology Lead on Security in Signal Alliance, said: “The important countermeasures to take are: make sure your endpoint protection solution includes malware recognition and decryption features. If it doesn’t, it is time to invest in one; replicate and back up important business data and services, redundancy is key; and ensure all Operating System patch updates are applied quickly.”
Initially, the ransomware was stopped by a kill switch discovered by an anti-malware researcher. This kill switch was an unregistered domain the virus was apparently trying to connect to once inside the network. The researcher bought the domain, which effectively stopped the spread of the virus, albeit temporarily.
Speaking further, Agu says, “Working with Microsoft, Signal Alliance is currently assisting organisations or individuals who are facing the WannaCry or Ransomware challenge or have set up a command centre to resolve the problems professionally.”
But no attack has been reported in Nigeria yet. The Minister of Communications, Adebayo Shittu, said Nigeria escaped the attack because of the proactive measures taken by the National Information Technology Development Agency (NITDA).
An official had earlier told Daily Trust that Nigeria might have been flagged among countries to be hit by the cyber-attack.
He said the huge population of Microsoft operating system users in Nigeria made the country a possible target.
“Nigeria has been flagged among the countries to be attacked. Our massive usage of Microsoft Operating System has already made us vulnerable. We may see the true picture next week when work resumes,” the official, who is a cybercrime prevention expert, told our reporter by phone.
But NITDA said the country was not hit by the attack. NITDA Director General, Dr Isa Ali Ibrahim Pantami, said that although no attack was reported anywhere in the country, the agency had put some measures in place to prevent it from spreading to Nigeria.
He said Nigerians should quickly report any abnormality noticed in their computer system to: help@cerrt.ng, support@cerrt.ng, incident@cerrt.ng.
Furthermore, the NITDA DG said that should any system be infected by the ransomware, it should be isolated from other networks to prevent the threat from spreading further.
In addition, he said, the following actions should be taken immediately: remove the system from the network; do not use flash, pen or external drives on the system to copy files to other systems; format the system completely; and contact NITDA’s Computer Emergency Readiness and Response Team for assistance.
Pantami said Nigeria was largely spared from the attack due to the massive enlightenment campaign, awareness and proactive measures put in place by the government to swiftly deal with any reported incident.
“For systems that have been attacked, tools have been developed to unlock the files locked by this ransomware - the WannaDecrypt or Wannakey. They have been found to have successfully decrypted systems infected with the ransomware.”
Similarly, an information technology firm has said organisations needed to adopt a bottom-up approach to cyber security to prevent further spread of the WannaCry cyber-attack and other similar attacks in future.
Weco System, a Nigeria-based network security company, said public and private establishments in the country needed to implement network security best practices to forestall any attack on their computer systems. “… the best way to prepare for Ransomware is to deploy a layered security approach which can respond before an attack, during an attack and after the attack,” it said.