The Federal Government has confirmed that eight Australian small businesses have been hit by a huge malware attack orchestrated globally on the weekend, while the Prime Minister's Cybersecurity Advisor has warned that the "game is not over" between hackers and cybersecurity companies. Globally, the attack compromised around 200,000 machines, making it one of the largest in history.
It all happened in less than two days, using an attack created with information leaked from the NSA. In this short amount of time it spread like wildfire across the globe and infected hundreds of thousands of PCs. The ransomware strain is simply known as WannaCry. This strain, like all other ransomware, doesn't discriminate, so PCs at critical operations like hospitals and schools were rendered inoperable.
What is WannaCry?
WannaCry is a form of malware known as ransomware, which attempts to render a computer useless by encrypting files and then demanding a payment to regain access. While the ransom demands vary for different strains of ransomware, WannaCry victims are asked for US$300 and then later US$600. If the user still refuses to pay up, they are threatened with the complete deletion of all of their files.
What are the impacts?
Across most sources this is being accepted as one of the worst ransomware attacks in history. At the time of writing this article, it is thought that up to 3,600 computers an hour are being affected by this insidious version.
Assistant Minister for cyber-security Dan Tehan said the ransomware had not affected Australia's critical infrastructure or Government agencies. "This is absolutely a wake-up call," he said. "We have to understand that ransomware costs the Australian economy $1 billion a year conservatively."
How is it spread?
The underlying tool is believed to be the EternalBlue program, developed first by American security services and subsequently leaked. In brief, it spreads as follows:
- The ransomware is using a known, publicly disclosed exploit in SMBv1 (Server Message Block Version 1). SMBv1 is an application-level protocol used for sharing files and printers in a networked environment.
What can I do right now to protect myself?
- Patch your computer. Keep it up to date with the latest software releases for your operating system.
- Keep secure backups. If something like this hits your business, your best protection is a secure backup from which you can restore your files if the worst were to happen.
- Don't click on suspicious links. If you're being asked to click on a link, exercise caution. Make sure that you know where the link is going and if you have any suspicions at all, don't click.