Australians have become the latest victims of a massive global cyber attack that combines the potency of a ransomware attack with the rapid spread of a worm virus.
It has already claimed more than 200,000 victims in more than 150 countries around the world.
It is believed to be the biggest online extortion attack in history and has caused worldwide chaos in factories, banks, transport systems and government agencies.
As Australians return to work today, there are fears the attack will spread even further as computers are switched on for the new work week.
This attack, called WannaCry, is a classic ransomware ploy where the targeted computer is locked and files held for ransom.
Victims then receive a message demanding payment for the return of their vital documents.
Reports indicate the ransom demands started at $US300 and increase every two hours until the victim pays.
The attack spread as a self-replicating application that took advantage of a vulnerability in older versions of Microsoft’s popular Windows operating system.
This malware is also able to spread from computer to computer through contacts and mailing lists which accounts for the incredible speed of the deployment.
“This attack starts off as a regular ransomware attack, with emails sent to users tricking them to open the attached malware file which infects their computers,” says Symantec security expert Nick Savvides.
“What is different about this attack though, is rather just infect encrypt the contents on the computer it is run on, it can automatically spread to other computers on the same network encrypting their files as well all without any human intervention.
Savvides says ransomware has become a major problem in Australia.
“This is not a targeted attack, which means many people will receive the malicious emails. Symantec and Norton protect millions of users in Australia and the telemetry has shown that Australians have been targeted with most attacks being blocked.
“According to Symantec’s latest Internet Threat Security Report (ISTR), Australia was third highest country in APJ at risk of ransomware, and 11th in the world.”
“Ransomware doesn’t discriminate and affects home and business users. Typically, home users are more likely to pay ransoms as their data tends to be stored on one or two computers.
“While businesses have backups and many computers, unfortunately in this instance it may not be enough as the ransomware can rapidly spread to those systems. Symantec and Norton customers are protected against WannaCry using a combination of technologies.”
Microsoft says it has already issued software patches for these vulnerabilities but until this is applied, companies and individuals are still vulnerable.
Remarkably, if not for the efforts of a 22-year-old computer expert, the attack would have been far more severe.
The person, which no one can confirm is male or female, managed to redirect the attack to a single domain name to activate a “kill switch” and stop the spread of the attack.
HOW CAN YOU PROTECT YOURSELF
– Make sure your Internet security software is up-to-date to protect yourself against ransomware, as new variants appear on a regular basis.
– Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attacker
– Be wary of unexpected emails. Email is one of the main infection methods especially if they contain links and/or attachments.
– Be wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
– Always have a backup of your files. Uses should regularly have a backup of their computer files to protect themselves if their computer is damaged or stolen or if they are targeted by ransomware attack. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
– Where do I backup? There have been instances where malware has also infected connected hard drives and the backups. It’s a good idea to have a cloud-based backup which is safely stored online and easy to retrieve.
– Run the Windows patch. Microsoft has already issued a fix to the vulnerability so be sure to check for your updates and run the patch if necessary.
THE FRIGHTENING STATS ABOUT RANSOMWARE*
– The average ransom per victim grew to $1,077 in 2016, up from $294 in 2015 (266% increase).
– Ransomware attacks grew to 463,841 in 2016, up from 340,665 attacks in 2015 (36% increase).
– More than 70 percent of malware attacks on the healthcare industry were ransomware in 2016, including hospitals, pharmacies and insurance agencies.
– 1 in 131 emails contained a malicious link or attachment in 2016 – the highest rate in five years.
– There was a two-fold increase in attempted attacks against IoT devices over the course of 2016 and, at times of peak activity, the average device was attacked once every two minutes
* from the latest Symantec Internet Security Threat Report