An unprecedented malware attack shook the world last week, infecting more than 300,000 computers in more than 150 countries, including Russia, Ukraine, India, and Taiwan. Parts of Britain’s National Health Service (NHS), Spain’s Telefonica, FedEx, Deutsche Bahn and LATAM Airlines were also hit, along with many other countries and companies. It has come to be known as one of the biggest cyberattacks recorded in history and is considered a technological apocalypse by many.
What is Ransomware?
Any malicious software which encrypts a user’s files and demands a ransom to unlock them by displaying a message on the user’s screen is said to be ransomware. To make the demand look more convincing, it may display a warning from a law enforcement organization, sometimes even displaying their logos, claiming that the computer with a specific IP address has been used for some illegal activity (child pornography or downloading unlicensed software) and has been traced. In this case, the user gets a warning on the screen to pay a fine in order to unlock their system.
How Does Ransomware Work?
A ransomware attack usually involves 5 phases.
- Infection – Using a phishing email or an exploit kit, the malware infects a system.
- Delivery – During this phase, the ransomware is executed on the victim’s system.
- Destroy Backup – The backup files and folders on the victim’s computer are targeted next.
- Encryption – The next phase is data encryption where the user’s data is encrypted once the backup is removed.
- Notification – Once the backup is removed, the extortion money is demanded in the form of an error message on the infected user’s screen.
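A defender's view of the phases above, as an added example that is not part of the original article: it correlates the Destroy Backup and Encryption phases by flagging any process that deletes backup files and then writes a burst of high-entropy (encrypted-looking) data. The event format, the thresholds and the backup path markers are assumptions made for illustration, and the sample events are constructed.

```python
import math
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.0           # assumed cut-off (bits/byte) for "looks encrypted"
MIN_ENCRYPTED_WRITES = 3          # assumed burst size before alerting
BACKUP_MARKERS = ("backup", ".bak")  # assumed naming of local backup paths

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8 for ciphertext, about 4 for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def detect(events):
    """Return sorted PIDs that deleted backup files and then wrote a burst of
    high-entropy data (Destroy Backup followed by Encryption, same process)."""
    deleted_backup = set()
    encrypted_writes = defaultdict(int)
    for ev in events:  # events are assumed to arrive in time order
        pid, op, path = ev["pid"], ev["op"], ev["path"].lower()
        if op == "delete" and any(m in path for m in BACKUP_MARKERS):
            deleted_backup.add(pid)
        elif op == "write" and pid in deleted_backup:
            if shannon_entropy(ev["data"]) >= ENTROPY_THRESHOLD:
                encrypted_writes[pid] += 1
    return sorted(p for p, n in encrypted_writes.items() if n >= MIN_ENCRYPTED_WRITES)

# Constructed sample data: not taken from any real incident.
TEXT = b"Quarterly report: revenue is up four percent. " * 20
CIPHER_LIKE = bytes(range(256)) * 4   # uniform bytes, entropy exactly 8 bits/byte

SAMPLE_EVENTS = [
    {"pid": 101, "op": "write",  "path": "C:/Users/a/notes.txt",   "data": TEXT},
    {"pid": 303, "op": "delete", "path": "D:/Backups/2016.bak",    "data": b""},
    {"pid": 303, "op": "write",  "path": "D:/Backups/rotate.log",  "data": TEXT},
    {"pid": 202, "op": "delete", "path": "D:/Backups/weekly.bak",  "data": b""},
    {"pid": 202, "op": "write",  "path": "C:/Users/a/report.docx", "data": CIPHER_LIKE},
    {"pid": 202, "op": "write",  "path": "C:/Users/a/photo.jpg",   "data": CIPHER_LIKE},
    {"pid": 202, "op": "write",  "path": "C:/Users/a/budget.xlsx", "data": CIPHER_LIKE},
    {"pid": 101, "op": "write",  "path": "C:/Users/a/draft.txt",   "data": CIPHER_LIKE},
]

if __name__ == "__main__":
    print("suspicious PIDs:", detect(SAMPLE_EVENTS))
```

Compressed archives and already-encrypted files are also high-entropy, so legitimate backup and archiving tools need to be allowlisted before a rule like this is used for alerting.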
How Can Ransomware Attack Impact Us?
A ransomware attack often leads to major financial losses for businesses:
- Theft of corporate information
- Theft of money
- Theft of financial information
- Inability to process online transactions
- Loss of contract
- Costs associated with repairing affected system or network
In addition to the above, the company may get into severe trouble.
- Legal Issues
Companies are required to secure the data they hold and to make sure that the privacy of personal data is not compromised in any situation. They must maintain security systems or else face fines and regulatory sanctions.
- Loss of Reputation
Trust is a critical aspect of the relationship with customers. Hence, a cyberattack can damage reputation or the kind of relationship which a company shares with its customers. This might result in the loss of customers, sales or reduction in profits.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” reported Phillip Misner, security group manager at Microsoft Security, after such an attack.
In early 2012, most European countries started getting infected with the Reveton virus. The error message which the victims received also carried the logos of law enforcement agencies to make it look more genuine. In 2013, a Russian national was arrested in connection with Reveton.
In 2013, many companies were targeted by phishing emails demanding a ransom in exchange for the encryption key to decode their data. The victims were asked to pay a ransom of 300 USD, and a time limit was set after which the data would be lost forever. This ransomware was called CryptoLocker.
One of the major mobile ransomware families is Fusob, which accounted for around 93% of mobile ransomware between 2015 and 2016. One interesting fact about this malware is that once Fusob is installed, it checks which language is being used on the device and does nothing if Russian or certain Eastern European languages are found. In other cases, it locks the system and demands a ransom of $200-$300 to unlock it.
How Can You Secure Your Systems?
In case your system gets affected by such a cyberattack, it won’t take much time for the hacker to take over your company’s systems. People who work on Windows-based PCs must take care of a few things. In case you aren’t in the habit of saving copies of your data, make it a regular practice before going forward. This way, even if your system is encrypted by this malware, you can at least be sure that you have the data in hand.
Also, DO NOT click on links from unknown sources or respond to emails from unknown sources. Also DO NOT download attachments sent from unknown email addresses.
You must NOT download files from unknown or unsafe sites without prior information.
Always stay ALERT! We should train the people with less knowledge of IT about the repercussions of a cyberattack.
We recommend using genuine versions of the OS, anti-virus, anti-malware and other software. Also, don’t forget to keep them updated to their latest versions.
Even though the attack was later thwarted, it affected many big organizations. Many British hospitals were crippled due to this attack, with appointments getting canceled, patients being turned away and phone lines going down. This can well explain the criticality of the situation. What is most alarming is the huge global impact of this attack.
A Few Affected Organizations
- Lakeridge Health
- LATAM Airlines Group
- Ministry of Internal Affairs of the Russian Federation
- Ministry of Foreign Affairs (Romania)
- National Health Service (England)
- NHS Scotland
- Nissan Motor Manufacturing UK
- PetroChina
- Portugal Telecom
- Russian Railways
- São Paulo Court of Justice
- Saudi Telecom Company
- State Government of Gujarat
- State Government of Kerala
- State Government of Maharashtra
- State Government of West Bengal
- Sun Yat-sen University, China
- Telenor Hungary
- Timrå Municipality, Sweden
- Universitas Jember, Indonesia
- University of Milano-Bicocca, Italy
- University of Montréal, Canada
- Andhra Pradesh Police, India
- Automobile Dacia
- Cambrian College, Canada
- Chinese public security bureau
- CJ CGV
- Deutsche Bahn
- Dharmais Hospital, Indonesia
- Faculty Hospital, Nitra, Slovenia
- Garena Blade and Soul
- Harapan Kita Hospital, Indonesia
- Instituto Nacional de Salud, Colombia
The U.K. government stated that: “The way these attacks work means that compromise of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.”