A look at the “Wannacry” global hack

By Belinda Wilson

Practice Management Technology 

LIV president Belinda Wilson discussed the “Wannacry” global hacking phenomenon with LIV IT manager Tony Jakubaitis.

BW: So Tony, what was the global attack about?

TJ: 638 million ransomware attacks were reported in 2016, but this one got a lot of media attention. It is the source of the ransomware that made it newsworthy.

A hacking group called the Shadow Brokers obtained a cache of tools from another organisation called the Equation Solutions Group. This group is regarded as part of the offensive cyber operations arm of the US government National Security Agency (NSA).

The tools found consisted of a variety of programs to attack, monitor and take control of computer systems. It included software codenamed ‘EternalBlue’.

The Shadow Brokers set up an auction for the tools with a bundled price of $1 million dollars. There were no takers and the failed auction was closed, with the Shadow Brokers promising to release some of the tools regardless. One of the tools later released was EternalBlue.

This piece of software uses a flaw in the Microsoft Windows system to allow additional software to be loaded onto a PC or server. A hacking group has used these tools to create the “Wannacry” crypto virus.

BW: How can people protect their computer systems from these kinds of viruses?

TJ: Microsoft released a patch (MS17-101) in March that fixed the vulnerability exploited by “Wannacry”. This protected machines running Windows 7 or later. However, earlier unsupported operating systems (such as Windows XP) were exposed.

Microsoft has since released patches for older unsupported operating systems and these should be applied as soon as possible.

BW: So what did “Wannacry” actually do to computer systems?

TJ: Basically, “Wannacry” found machines with the vulnerability and installed encryption software. This software accesses any data files (Word, Excel, PowerPoint etc.) that it can find on the machine or accessible network drives and encrypts them. A message is displayed to the user informing them that their files are encrypted and a bitcoin “ransom” must be paid to be able to access them again. The files are still actually on your machine; however, without an un-encryption key, the files cannot be read.

The hackers claim that if you pay them the ransom, the key will be supplied. Just to apply additional psychological pressure, the ransom price increases with time and has a cut-off date.

BW: What happens if you are infected?

TJ: If you are infected you will see the following screen:

You will be unable to access some or all of your data files.

While security researchers have been able to break the encryption on some crypto-viruses, with “Wannacry” this is currently not the case.

BW: Do you have to pay the ransom or is there a way around it?

TJ: So far it is not known that anyone who has paid the ransom has received decryption keys. With most ransomware you are unlikely to be able to recover your data even after paying a ransom.

BW: Does it affect my documents in the cloud?

TJ: The effect on your documents depends on the particular ransomware software.

Ransomware software tends to encrypt only data file types. It looks for data files on local or network attached files. If the Cloud system appears as a local drive then it can probably encrypt these files as well. It will also find any removable drives or USB devices and encrypt files on them as well.

BW: What are the top things that we should all do right now to protect ourselves?

TJ: You should always keep your system up to date. Any security patches should be applied when they are released, and older operating systems should be upgraded or replaced.

You should also keep backups of your system. The backup copies should not be connected to the internet and kept in a secure separate physical location. You should keep multiple backups over a period of time as you may need to recover from older backups if there is corruption or a virus in newer backup copies.

The answer to the “How often should I back up?” question is basically “How many days’ work can you afford to lose?”

Ensure that you have up-to-date antivirus and malware software. This will help protect against malware but does not replace the requirement to keep your operating system up to date or keep backups.

While this crypto-virus affects Windows systems, there are varieties that affect Apple Mac systems as well. All these recommendations apply to both Windows and Mac systems.

You should also ensure that your network is protected by a firewall and email filtering system. This particular virus could propagate by exploiting a flaw in the Windows operating systems. However, a correctly configured firewall would have stopped access to these systems from the internet.

Lastly but probably most importantly is user education. Most malware is spread by email and web links. The document attached to the email you have received may be a file hosted on a site such as Dropbox or Google Docs, but once clicked on will download and encrypt or destroy your systems.

Do not click on links unless you know they are from legitimate sources. Do not open attachments unless you know the sender and are expecting documents.

Unfortunately there are a lot of clever and malicious people out there, and the situation is only getting worse. The Shadow Brokers still have more tools they have promised to release and hackers are always developing new methods of attack.

Try and ensure your security is as good as it can be, that your staff is aware of potential hazards, and you have enough secure backups to recover your systems in the case of a disaster.


Views expressed on liv.asn.au (Website) are not necessarily endorsed by the Law Institute of Victoria Ltd (LIV).

The information, including statements, opinions, documents and materials contained on the Website (Website Content) is for general information purposes only. The Website Content does not take into account your specific needs, objectives or circumstances, and it is not legal advice or services. Any reliance you place on the Website Content is at your own risk.

To the maximum extent permitted by law, the LIV excludes all liability for any loss or damage of any kind (including special, indirect or consequential loss and including loss of business profits) arising out of or in connection with the Website Content and the use or performance of the Website except to the extent that the loss or damage is directly caused by the LIV’s fraud or wilful misconduct.