Ways to Become a Smaller Target for Ransomware Hackers

Adjust Comment Print

"Organizations need to update their software", Kristy Campbell, chief spokeswoman for the cybersecurity firm Proofpoint Inc., told NBC News on Sunday.

The National Cyber Security Centre, part of the GCHQ electronic intelligence agency, said it was working with police and the health system to investigate the attack.

Europol's Wainwright said few banks in Europe had been affected, having learned through the "painful experience of being the number one target of cyber crime" the value of having the latest cyber security in place. "We've seen that the slowdown of the infection rate over Friday night, after a temporary fix around it, has now been overcome by a second variation the criminals have released". The attack has now continued to spread; hitting thousands of computers in China and Japan today.

Complicating matters is that new versions of the worm launched over the weekend are recoded to skirt the temporary fix, according to security specialists. "We haven't fully dodged this bullet at all until we're patched against the vulnerability itself".

The attack held users hostage by freezing their computers, encrypting their data and demanding money through online bitcoin payment - $300 at first, rising to $600 before it destroys files hours later.

Interior Ministry: The Russian Interior Ministry acknowledged a ransomware attack on its computers, adding that less than 1% of computers were affected. The malware called WannaCry locks down the targeted machines by encrypting its data refusing access to its owner until he pays the demanded ransom.

Still, "My answer is, never pay the ransom", Abrams said.

Sixteen National Health Service organizations in the United Kingdom were hit, and some of those hospitals canceled outpatient appointments and told people to avoid emergency departments if possible. On Sunday, Chinese media reported that students at several universities were hit by the virus, which blocked access to their thesis papers and their dissertation presentations. An unidentified young cybersecurity researcher claimed to help halt WannaCry's spread by activating a so-called "kill switch".

Senior U.S. security officials held another meeting in the White House Situation Room on Saturday, and the Federal Bureau of Investigation and the National Security Agency were working to help mitigate damage and identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations. That low-cost move redirected the attacks to MalwareTech's server, which operates as a "sinkhole" to keep malware from escaping.

Security agencies have so far not been able to identify who was behind the attack.

Microsoft distributed a patch two months ago that could have forestalled much of the attack, but in many organizations it was likely lost among the blizzard of updates and patches that large corporations and governments strain to manage. "It should just be a case of making sure installing updates is enabled, installing the updates, and reboot".

The malware, which exploits a vulnerability in Microsoft's Windows XP, was reportedly stolen and leaked from the NSA back in April, leading Microsoft's president to criticize the NSA for keeping tabs on software weaknesses.

"It's an worldwide attack and a number of countries and organizations have been affected", she said.

Another safety measure suggested by CERT-In was "users and administrators are advised to apply patches to Windows systems as mentioned in the Microsoft Security Bulletin MS17-010."for network protection, use host based firewalls between workstation".

Once clicked, the virus starts spreading. The National Center for the Protection of Critical Infrastructure says Friday it was communicating with more than 100 providers of energy, transportation, telecommunications and financial services about the attack. It seems many PCs didn't get updated, leaving them exposed to the malicious ransomware.

"Do not leave external storage used for backups connected to your computer to eliminate the risk of infecting your backups".