
Multiple Ransomware Spreading Rapidly

 

Systems Affected


All versions of Windows including Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10.

Threat Level


High


Overview


Malicious software or "ransomware" has been used in a massive hacking attack, affecting tens of thousands of computers worldwide. Software security companies said a ransomware worm called "WannaCry" infected about 57,000 computer systems in 99 countries on Friday, with Russia, Ukraine, and Taiwan being the top targets.

The hack forced British hospitals to turn away patients, affected Spanish companies such as Telefonica, and threw other government agencies and businesses into chaos.


Description


Ransomware is a programme that gets into your computer when you click on or download malicious files. It then holds your data to ransom.

Some security researchers say the infections in the case of WannaCry seem to be deployed via a worm, spreading by itself within a network rather than relying on humans to spread it by clicking on an infected attachment.

The programme encrypts your files and demands payment in order to regain access.

Security experts warn there is no guarantee that access will be granted after payment.

Some forms of ransomware execute programmes that can lock your computer entirely, only showing a message to make payment in order to log in again.

Others create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.


Impact


WannaCry is a form of ransomware that locks up files on your computer and encrypts them so that you can no longer access them. It targets Microsoft's widely used Windows operating system. When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300. The pop-up also features two countdown clocks: one showing a three-day deadline before the ransom amount doubles to $600, and another showing the deadline after which the target will lose its data forever.

Payment is only accepted in bitcoin.

The ransomware's name is WCry, but analysts are also using variants such as WannaCry.

A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the US National Security Agency (NSA), according to cyber-security providers.


Solution/ Workarounds


  ✻  Update to the latest version of Mozilla's Firefox on Windows, Linux and Mac.


References


FinCSIRT Sri Lanka http://www.aljazeera.com/news/2017/05/ransomware-avoid-170513041345145.html


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.