WannaCry takes its toll locally | ITWeb
The virus, called WannaCry, WanaCrypt0r 2.0 or WCry?, seizes control of a user’s computer and encrypts all data until a ransom is paid to the cyber criminal in the form of Bitcoin.
The outbreak has infected major organizations, including the National Health Service in the UK, Telefonica in Spain, and French car manufacturer Renault. It is estimated more than 200 000 computers have been infected in more than 150 countries.
WannaCry is differentiated from other ransomware as no human interaction is needed for the virus to be activated on a system. Normally, attackers would send out a link via social media or e-mail, and for the virus to be activated on a computer, users would need to click the suspicious link.
WannaCry exploits a vulnerability believed to have been built by the US National Security Agency to spy on people.
Therefore, all Windows computers which are not running the latest version of the software are vulnerable. Once sent to a vulnerable computer, the virus spreads once it is connected to the system and searches for other computers on the same network.
In SA, Craig Rosewarne, MD of Wolfpack Information Risk, says there has been an impact locally but at this stage it is confined to a couple of small to medium corporates.
He says his team is looking to where it is going, with fears it will move to critical infrastructure such as the mining, medical, traffic control and banking industries in SA.
A Pandora’s Box has been opened and I don’t see it stopping.
– Guy Golan
Research done by the company last year found the systems used to run critical infrastructure in SA are not secure, running on legacy software and not performing regular updates.
Guy Golan, CEO of Performanta Group, says he cannot reveal infected clients’ identities but did say his company is working with global organizations that have a strong regional presence, as well as smaller firms.
No end in sight
The first wave of WannaCry attacks started towards the end of last week. Golan says the second wave is currently happening and started at 4am this morning.
“We do envisage more local breaches this week.”
Craig Rosewarne, MD of Wolfpack Information Risk.
Golan says there will continue to be more waves as criminals tweak the virus to combat the methods put in place to kill it. He notes the series of documents, called Vault 7, leaked earlier this year are to blame for the robust virus.
Vault 7 detailed how the US CIA performed electronic surveillance and cyber warfare. This information is now being used by the ‘bad guys’, says Golan.
“A Pandora’s Box has been opened and I don’t see it stopping.”
Golan says companies should make sure all their systems are up to date and patched using the latest patch released by Microsoft two months ago.
Individuals should perform regular anti-virus checks and backup any data they are not willing to lose, to a hard drive that is disconnected from a computer, or a cloud system like Google Drive or One Drive.
Damage outweighs ransom
The asking price to unencrypt data by cyber criminals has been reported to be between $300 and $100 000 per attack. Golan says this is very little compared to the alternative costs the virus is causing.
Guy Golan, CEO of Performanta Group.
His team of 30 people in the UK, Australia and SA have been working non-stop for the past 72 hours with no sleep to defend clients. He says this will cost the company nearly R1 000 per person, per hour.
His advises victims to not pay ransoms but rather to call a technician to restore the machine from a backup.
Healthcare systems, individuals who do not keep their personal computers updated, and dispersed organizations such as insurance companies, are the most at risk and will be the biggest casualties, says Golan.