You have probably heard the news about ransomware attacks on ICT systems worldwide. Ransomware is a form of online blackmail carried out with malware: a program that encrypts a computer’s data and then charges the user for the decryption password. It involves locking up people’s data and threatening to destroy it if a ransom is not paid. Last Friday, 12th of May, WannaCrypt was launched. Find out what it is and how to protect yourself and your organisation.
Global cyber attack – WannaCrypt
WannaCrypt, also known as WannaCry, is ransomware that demands ransom payments. It spreads using multiple methods, such as phishing emails and unpatched systems (systems without security updates). In a matter of hours, hospitals, train stations, apartment buildings, banks and delivery companies were infected.
The attack has been described by Europol as unprecedented in scale, and forced Microsoft to take the unusual step of issuing patches (security updates) for systems that have been unsupported for more than three years. The global cyber attack has affected 230,000 computers in 150 countries so far.
How to protect yourself and your business from ransomware
This all sounds pretty scary, but we will give you some tips to help you avoid being affected. At Endouble we serve thousands of application submissions to our clients every day. As we work with Unix machines, this doesn’t directly affect us, but it does affect our clients. That’s why we suggest following some security advice in order to minimise the risk.
Keep your system up to date. If you need to run an unsupported Windows OS, make sure you have applied the Microsoft emergency patch.
Back up your data. Ransomware will encrypt your computer data, but if you make backups regularly, the damage will be reduced drastically.
Use antivirus software and keep it up to date. Vendors have added the virus definitions to protect users.
Server Message Block for Windows devices
Disable Server Message Block (SMB), following Microsoft’s guide.
Enable your firewall to block untrusted incoming and outgoing connections.
Most malware arrives via email or other messaging systems. Be suspicious of any attached document or link.
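To check a Windows machine against the tips above, the following read-only audit can be run in an elevated PowerShell session. It is an added example, not Endouble's or Microsoft's own code. The function name, the age thresholds, the reading of "SMB" as the SMBv1 server protocol and the use of Windows Defender as the antivirus are assumptions.

```powershell
# Read-only audit of one Windows host (Windows 8 / Server 2012 or later).
# Hypothetical helper name; it changes nothing on the machine.
function Get-RansomwareHardeningReport {
    [CmdletBinding()]
    param(
        # Assumed thresholds; adjust to your own patch and signature policy.
        [int]$MaxPatchAgeDays = 35,
        [int]$MaxSignatureAgeDays = 3
    )

    # Tip "keep your system up to date": most recent installed update.
    $lastPatch = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $patchAge = $null
    if ($lastPatch) { $patchAge = ((Get-Date) - $lastPatch.InstalledOn).Days }

    # Tip "disable SMB": is the SMBv1 server protocol still enabled?
    $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Tip "enable your firewall": list profiles that are switched off
    # or that allow inbound traffic by default.
    $weakProfiles = @(Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
        ForEach-Object { $_.Name })

    # Tip "use antivirus": Defender status, if Defender is present.
    $av = try { Get-MpComputerStatus -ErrorAction Stop } catch { $null }

    [pscustomobject]@{
        LastPatchInstalled   = $lastPatch.InstalledOn
        PatchesStale         = ($null -eq $patchAge) -or ($patchAge -gt $MaxPatchAgeDays)
        Smb1ServerEnabled    = $smb1Enabled
        WeakFirewallProfiles = $weakProfiles -join ', '
        AntivirusActive      = [bool]($av -and $av.AntivirusEnabled)
        SignaturesStale      = (-not $av) -or ($av.AntivirusSignatureAge -gt $MaxSignatureAgeDays)
    }
}

Get-RansomwareHardeningReport | Format-List
```

On a host that follows the tips, `PatchesStale`, `Smb1ServerEnabled` and `SignaturesStale` are `False` and `WeakFirewallProfiles` is empty.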
More details and facts
Once a computer is infected, the malware scans for other vulnerable computers on the local network, as well as random hosts on the internet. It also spreads through phishing emails with attached files or links.
The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain’s National Health Service (NHS), Nissan, FedEx, Deutsche Bahn and LATAM Airlines.
As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days or $600 within seven days.
Three or more hardcoded bitcoin addresses are used to receive the payments. Since bitcoin payments are publicly visible to anyone, we can see how much money the criminals have made. As of May 15th at 7 PM, a total of 220 payments worth $59,747.53 had been transferred.
Someone created a Twitter bot that tweets in real time when a payment is made. This bot is watching the bitcoin wallets tied to the WannaCry ransomware attack.
Information security for our customers
Endouble always provides a website that meets the most appropriate security standards. Our servers are protected with a WAF (Web Application Firewall) to minimise frequent attacks on websites. In addition, we carry out pentests and continuously monitor our servers, so we are able to observe inappropriate or malicious behaviour and react quickly, which increases the overall security of the entire system.
If you have doubts about the security of your organisation or the safety of your website(s), feel free to contact us. Our in-house security specialists can definitely help out!