YOU (South Africa)

HACKED!

A recent cyber attack caused chaos around the world. How did the drama unfold – and how can you protect yourself?

- Compiled by JANE VORSTER

YOU switch on your computer and your heart sinks. On the screen is a message that reads, “Oops, your files have been encrypted.” Your computer has been hijacked and now the only way to regain access to all the documents on your hard drive is to pay a fat ransom. If you don’t, the message warns, everything will be deleted.

The bug is called WannaCry for good reason – because it literally makes you want to cry. At the time of going to print it had taken hostage an estimated 200 000 computers in more than 100 countries, including South Africa, as it swept the globe, bringing hospitals, banks, schools and car factories to a standstill.

There’s never been a cyber ransom attack on this scale. What makes WannaCry so dangerous is it hops from computer to computer, infecting entire company networks and spreading like wildfire. Luckily as the bug spread sowing chaos, a mystery tech crusader found a way to halt it. But he warned cyber criminals would soon be back with new versions that would unleash even more havoc. And he was right.

But don’t be a sitting duck. Read on to find out how these invisible extortionists operate and what you need to do to protect yourself.

HOW IT WORKS

It relies on someone in your company clicking on a standard phishing email scam. Once the bait is taken and one computer is infected, a devastating piece of malware known as a worm is released and spreads through the company network. The bug specifically targets computers using older versions of Microsoft’s widely used Windows operating system. It can affect all versions before Windows 10 unless they’ve been protected with a special security patch.

Once your computer is infected the bug locks files and encrypts them so you can’t access them any more. A pop-up window appears demanding a ransom of $300 (R4 050). You’ll be warned that if you don’t pay within three days the ransom will double to $600 (R8 100) and if you fail to cough up within six days all your precious data will be deleted.

WHO’S BEHIND THE ATTACK?

Last month a mysterious group called Shadow Brokers claimed to have hacked into the US National Security Agency (NSA) and discovered a tool, Eternal Blue, developed to gain access to computers used by terrorists and enemy states.

The hackers shared this tool, which exploits a flaw in older versions of Windows, on the internet. It’s thought another hacking group used this to develop WannaCry. “It’s likely that regular online criminals simply used the information the Shadow Brokers put on the internet and thought, ‘How can we monetise this?’ ” says British computer-security expert Graham Cluley.

HOW THE VIRUS AFFECTED THE COUNTRIES IT ATTACKED

The worm reared its ugly head on Friday 12 May, hitting targets both large and small.

BRAZIL Citizens were left stranded after the country’s social security system went offline. Brazil’s state-owned oil company Petrobras was also forced to disconnect its computers as a precautionary measure.

UK The United Kingdom was among the hardest hit, with at least 40 hospitals that are part of the National Health Service (NHS) network affected. The bug made confidential patient information and documents inaccessible, forcing surgeries – even crucial heart operations – to be postponed. Bizarrely up to 90 percent of NHS computers still run Windows XP, first released in 2001, which Microsoft no longer supports. This is why the country’s health system was so badly affected by WannaCry.

RUSSIA Several banks and one of the country’s largest cellphone network providers were affected.

CHINA More than 29 000 institutions across the country – including universities, railway stations, hospitals and petrol stations – were affected, China’s state media reported.

JAPAN More than 600 companies, including Nissan and Hitachi, were scrambling to address the problem after their computer systems were invaded by the worm.

FRANCE Carmaker Renault had to halt production at its assembly plants to stop the malware spreading through its IT systems.

GERMANY The departure and arrival screens at train stations went on the blink as the IT systems of Deutsche Bahn were infected by the WannaCry worm. Fortunately this had no impact on actual train services.

MYSTERY HERO SAVES THE DAY

By sheer accident a 22-year-old security researcher found a way to halt the worm.

Intrigued by what was happening, the UK-based nerd inspected the source code of the ransomware and saw it featured a link to an inactive domain. Out of curiosity, he decided to pay $10,69 (R144,31) to buy the domain. Unbeknown to him the action of purchasing the domain activated a “kill switch” coded into WannaCry by its creators.

“I’ll confess I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” the mystery hero, who goes by the pseudonym MalwareTech, said in an interview afterwards.

But he warned that all he’d done was offer computer users a brief respite. “This isn’t over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again.”

And he was right. At the time of going to print a second wave of attacks had already begun, employing a method that didn’t seem to offer a “kill switch”.

SHOULD YOU PAY THE RANSOM?

The short answer is no. It will only encourage attackers to cook up further ways to prey on vulnerable computer users. And even if you do pay there’s no guarantee all your files will be returned to you.

A number of sites have sprung up offering apps that claim to remove WannaCry from your computer. Be careful about using these because you could just make yourself vulnerable to other online predators.

You can try rolling back your operating system to restore your computer to a previous state but even though it might clear the malware your files might remain locked.

If this is the case the only option available to you is to reset your computer by erasing your hard drive and restoring everything from a backup. You do have a backup, don’t you?

FUTURE SHOCK

Cyber experts say although WannaCry has left computer users the world over reeling, this is nothing compared to what hackers have the potential to unleash.

“This is child’s play, what happened,” says American cybersecurity expert Ori Eisen. “This isn’t the serious stuff yet. What if the same thing happened to 10 nuclear power plants and they’d shut down all the electricity to the grid? What if the same exact thing happened to a dam or to a bridge?”

WannaCry could embolden others to develop new tools to commit cyber extortion. Experts predict that cybercriminals could target nuclear power plants, dams or railway systems, thus holding whole countries and perhaps even entire continents to ransom.

News of the WannaCry cyber ransom attack – which has affected computers in more than 100 countries around the world – broke shortly after the infection occurred.
ABOVE: This is the ransom message that appears on infected computers. RIGHT: Cybercriminals have been targeting computer networks from Brazil to Russia.
