‘WannaCry’ ransomware attack: What we know

“We’ve seen even terror groups finance their organizations by using operations like cybercrime and ransomware,” Ryan Kalember, a cybersecurity strategy expert at Proofpoint, told CBS last year.

Some organizations disconnect computers as a precautionary measure.

Newer operating systems are constantly updated to patch these vulnerabilities, offering better protection against attacks. Machines that have the patch are much less at risk than those that don’t.

So criminals turned to targeted attacks instead to stay below the radar.

‘There has been one incident of the ransomware hitting a business here in Australia and there could be two other incidents where it has occurred although we are trying to confirm that,’ he said.

Ransomware is a program that gets into your computer, either when you click on the wrong thing or download the wrong thing, and then holds something you need for ransom.

Some organizations around the world will likely wake up to computers infected by the ransomware, causing it to potentially spread even further. The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own purposes and was later leaked to the internet.

Since security professionals typically focus on building walls to block hackers from entering, security tends to be less rigorous inside the network.

Meanwhile, Europol’s chief told the BBC that the ransomware was created to allow “infection of one computer to quickly spread across the networks”, adding: “That’s why we’re seeing these numbers increasing all the time”.

The systems run by the National Informatics Centre, which maintains the government’s online infrastructure, were secure, the Minister said. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks.) But they could still linger as low-grade infections that flare up from time to time.

Hitachi: The Japanese electronics firm said Monday that its computer systems have been experiencing problems since the weekend, including not being able to send and receive emails or open attached files. The Government Digital Service did not renew the contract, leaving XP machines helpless in the face of attacks after April 2015.

The ransomware, called WannaCry, locked down all the files on an infected computer and asked the computer’s administrator to pay in order to regain control of them.

The damage might have been temporarily contained.

MalwareTech, who wants to remain anonymous, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it. But attackers can, and probably will, simply develop a variant to bypass this countermeasure.

According to Matthew Hickey, founder of the security firm Hacker House, Friday’s attack is not surprising, and it shows many organizations do not apply updates in a timely fashion.

Companies and institutions are often slow to update their computers because it can screw up internal software that is built to work with a certain version of Windows. On Friday, the whole world was met with a cyber-attack like no other.

The indiscriminate attack began Friday and struck banks, hospitals and government agencies, exploiting known vulnerabilities in older Microsoft computer operating systems.

Analysts point to the use of older software systems like Windows XP by many hospitals and the fact that IT professionals could not update or patch the older software until this attack as part of the problem.
