Richard
JF-Expert Member
- Oct 23, 2006
- 15,692
- 23,038
Message showing the infected computer.
Several countries in the world have been hit by a ‘cyber attack’ throwing hospitals and several organisations IT systems into chaos.
The software locks computers and asks for a digital ransom before control is safely returned.
Ransomware attacks are not new, but the speed of the recent hackings has alarmed security experts.
In a few hours, the malware had already infected victims in at least 74 countries, including Russia, Turkey, Germany, Vietnam, and the Philippines - and is thought to be spreading at a rate of five million emails per hour.
In United Kingdom the attack, which is believed to have impacted hospitals across the country is reportedly a case of so-called ‘ransomware’ being installed on a number of NHS IT systems.
In Spain, the Telefonica mobile phone network was hit with computers on an internal network being infected by the ransomware.
In the US, delivery company FedEx was hit by the ransomware and said it was 'implementing remediation steps'.
Various trusts around the country have confirmed they’ve been hit by a ‘cyber attack’ - with various others posting screenshots of computers hit with the virus.
The pictures show a message appearing on a screen informing the user that their files have been encrypted - demanding a ransom to be paid in order to free up the files.
What is ransomware?
According to TrendMicro - a Japanese multinational security software company - ransomware is a piece of software which quite literally holds your computer to ransom.
It can take a number of forms - such as locking a user’s access to their computer, to encrypting files on your hard drive, rendering them inaccessible.
Those holding the computers to ransom demand payment - usually through an online system such as Bitcoin - in order to make the computers usable again.
The Trend Micro website says: “Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid.
“More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.”
However tempting it may seem to simply pay the ransom, Trend Micro warns that paying such fees does not guarantee they will actually decrypt your files.
How does ransomware get on your computer?
Ransomware is often installed on computers through what is known as phishing.
This is where the user receives a fake email claiming to be from a friend or relative - or even an organisation such as a bank.
The e-mails are often extremely convincing, leading users to click links or download attachments from the email - which then install the ransomware on your computer.
The WannaCry virus which attacked NHS systems in UK targets Microsoft's widely used Windows operating system.
The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.
It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.
When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.
It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.
What are the hackers asking for?
The hackers are asking for payments of around GBP 230 or Euro 271 ($300) in Bitcoin.
Payments can be sent to at least two anonymous Bitcoin wallets that are routed through the Dark Web and cannot be traced.
Payments appear to be being made to the Bitcoin addresses given in the NHS attack.
It is not possible to say who has paid the ransom so far.
Who could be behind the attacks?
The ransomware attack is one of the largest ever seen.
One cyber-security researcher tweeted that he had detected 36,000 instances of the ransomware, called WannaCry and variants of that name.
Some of the organisations affected do not appear to have been specifically targeted by the attack, meaning it could be spreading at random.
A number of different groups could be behind the string of hackings.
While it is possible a large cyber criminal gang are responsible, the attacks could also be government-orchestrated.
It has previously been suggested that a string of ransomware attacks on US companies last year were perpetrated by Chinese government hackers.
How to protect yourself from ransomware
Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:
1. Use reputable antivirus software and a firewall
2. Back up your computer often
3. Set up a popup blocker
4. Be cautious about clicking links inside emails or on suspicious websites
5. If you do receive a ransom note, disconnect from the Internet
6. Alert authorities
Until tonight there has been not any reports of attacks from Africa although the attacks could have already occurred at some point this weekend.
More news to follow:
Source: various international news.
