Are you protected? How to avoid ransomware attacks
May 20 2017 by Kate Woods
It exploited a vulnerability in the Windows operating system believed to have been developed by the National Security Agency, which became public last month. The recent attack could have been prevented by an update Microsoft previously made available to Windows users. "We've seen a huge focus on nation-state hacking by other countries including Russian Federation and North Korea".
- Who was behind the attack? You're only safe if you patch ASAP. "Still, the NSA can't be very proud of this". The attackers have locked up users' data and are demanding between $300 and $600 for the encryption key.
That quick thinking may have saved governments and companies millions of dollars and slowed the outbreak before USA-based computers were more widely infected. The NSA, FBI, and other USA governmental groups discover or pay to acquire zero-day attacks (ones which haven't yet been patched by companies such as Microsoft) to use in their arsenal of spy tools.
Smith wrote in a blog post Sunday that the attack is an excellent object lesson in why governments stockpiling such vulnerabilities is such a problem.
Authorities fear that new variations on the malware may begin spreading this week as more threat actors get their hands on the code and create new versions that behave differently but with the same effect. Computers running Microsoft Windows were infected with "WanaCrypt0r 2.0 or WannaCry" ransomware.
Also known by other names such as "WannaCrypt", these assaults on Windows PCs, which encrypted unsuspecting users' data and then demanded a ransom payable in bitcoin to restore access, didn't need to happen at all.
"In some ways it's a daring move by Microsoft", Klein says. Over the weekend the company took the unusual step of releasing a similar patch for Windows XP, which the company announced in 2014 it would no longer support.
There are plenty of theories - among them that far too many computers in hospitals were running Windows XP. No matter how Microsoft pushes the newest system to customers (the upgrades are free), some systems stick with the old versions, simply because they can't afford the switching effort in terms of the time required and the old hardware's insufficiency.
At least two security firms, Fox-IT and CrowdStrike, said spam that sent fake invoices to end users provided the crucial initial vector to seed the self-replicating attack, but none of the three companies have produced copies. He noted, however, the complexity that can be involved in patching a security hole. "To protect your computer from such malicious malwares, one should be aware of the security measures and install all necessary updates", Dinesh Yadav, superintendent of police (city), said in a press note.
Edward Snowden, the former NSA contractor who leaked evidence of the agency's data collection program in 2013, has spoken out on Twitter to criticize the NSA for building this "dangerous attack tool". New cybersecurity policies should find a way to work with companies to coordinate intelligence about vulnerabilities. Backups often are also out of date and missing critical information. The idea behind ransomware is simple: no one is willing to pay as much as you for your data.
"It's not rocket science", Litan said. Asked what the company is doing to prevent such exploitations, he cited "basic IT security blocking and tackling".
"People going back to work on Monday may switch on their computers and see their systems have been impacted", he said.
The ransomware attack was particularly malicious, because if just one person in an organization clicked on an infected attachment or bad link, all the computers in a network would be infected, said Vikram Thakur, technical director of Symantec Security Response.