WannaCryptor: What you need to know about the ransomware 0 1282

  • WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware program targeting Microsoft Windows operating system.
  • On Friday, 12 May 2017, a large cyber-attack using it was launched, infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin in 28 languages.
  • Cybercriminals are beginning to take notice of the numerous vulnerabilities present in Africa’s digital ecosystem and are innovatively exploiting the numerous loopholes within the continents digital technologies.
Understanding Wannacryptor

A new and adverse form of malware

A new and adverse form of malware has taken the world by storm. Riding on the ubiquitous nature of the Windows OS in PCs, the WannaCry ransomware program (detected by ESET as Win32/Filecoder.WannaCryptor.D) has put most cybersecurity executives in tears as it has ploughed through various organisations on an unprecedented scale.

The African digital ecosystem has not been spared either. WannaCryptor has hit numerous institutions throughout the Continent. The nations which were adversely hit include: Kenya, Ethiopia, Tanzania, Mozambique, Sudan, South Sudan, Uganda, Algeria, South Africa and Nigeria.

On the 13th of May 2017, the Communications Authority of Kenya in conjunction with the National Kenya Computer Incident Response Team Coordination Center (National KE-CIRT/CC) issued a press statement alerting members of the public of the presence of the WannaCrypt0r ransomware epidemic throughout the globe.

As predicted, cybercriminals are beginning to take notice of the numerous vulnerabilities present in Africa’s digital ecosystem and are innovatively exploiting the numerous loopholes within our digital technologies.

Understanding Wannacryptor

Understanding Wannacryptor

WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware program targeting Microsoft Windows operating system.

On Friday, 12 May 2017, a large cyber-attack using it was launched, infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin in 28 languages.

The attack spreads by multiple methods, including phishing emails and on unpatched systems as a computer worm.

The attack has been described by Europol as unprecedented in scale.

WannaCrypt0r uses the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems.

Although a patch to remove the underlying vulnerability for supported systems (Windows Vista and later operating systems) had been issued on 14 March 2017, delays in applying security updates has left numerous users vulnerable.

Does your machine run on Windows?

The Windows Operating System remains the main operating system which runs on laptops and desktops in Africa.

With negligible usage over mobile phones in Africa, the Windows OS maintains a significant 35% usage statistic in our continent as over 80% of enterprise devices run on the Windows OS.

This essentially means that if you are a Kenyan reading this article on a Personal Computer or laptop, then there exists an over 80% chance that it is running on Windows.

This, coupled up by the immense chance that the Windows Operating System your device is running on is not updated, increases your vulnerability to the Wannacrypt0r ransomware even further.

What you need to do to stay safe

According to ESET’s Michael Aguilar, here are some tips which we strongly recommend:

  • Install Anti-malware Software – You may have heard this over and over, and it seems very repetitive mentioning it now. However, if we had not encountered multiple instances where I was told, “It is a server, and we have firewalls, so I will leave anti-malware off of this machine” or “I have too many problems to install antivirus on this server”, We would not mention it. But, that has happened. So, we are stating it. Please install reputable anti-malware and give yourself a fighting chance at stopping this before you are affected.
  • Update Your Windows Machines – Please! I know that patches can be very, very difficult to get deployed across the entire network. This one, you will want to install. It has been available since mid-April and stops the exploit from gaining a foothold in your environment. The patch listing for the entire listing of Equation Group files can be located here.
  • Be Intelligent! – As a person who researches infections, exploits and various other information security related items, knowing is half the battle. Especially when items are being leaked and created in this kind of rapid-fire fashion.  Using Threat Intelligence,  ESET was able to create the appropriate YARA rules that identified the droppers, files and characteristics pertaining to the Equation Groups leaked exploitation files.  There has been plenty of detections of these object..  This kind of intel, and more importantly, the feeds that are provided, could help you to make better decisions on what to protect and how to protect it.

In Conclusion

It is important for institutions to invest in reputable malware protection products. As an example, ESET’s network protection module was already blocking attempts to exploit the leaked vulnerability at the network level before this particular malware was even created. ESET increased the protection level for this specific threat before the exploit was utilised.

Sometimes, investment in technology is not enough. Despite the immense investments in cybersecurity tech, employees remain the weakest link in an organisation’s cybersecurity environment. It costs little more than a cup of coffee to effect security awareness training for a single employee and saving the face of your organisation in the modern, digital world.

In many ways, the ubiquitous growth of Wannadecrypt0r in the modern digital age may serve as an unforgettable lesson for Kenyans; that cybersecurity is not a priority just for the Mzungu, but the Mwananchi as well.

Previous ArticleNext Article

Security trends to look out for in 2018 0 1874

After a turbulent 2017 with Cyber Security making regular headlines, looking ahead to the coming year, there will no doubt be further discussions about the threat landscape.

Ransomware Revolution  – Ransomware of Things

Technological advances and their accelerated use have led to a number of scenarios considered unlikely just few years prior, are now within the realm of possibility. The advice going into 2018 from ESET researchers is to back up everything that matters to you, often, by keeping at least some backups offline – to media that aren’t routinely exposed to corruption by ransomware and other malware – in a physically secure location. As the Internet of Unnecessarily Networked Things becomes less avoidable, the attack surface increases, with networked devices and sensors embedded into unexpected items and contexts: from routers to fridges to smart meters, from TVs to toys, from power stations to petrol stations and pacemakers. As everything gets ‘smarter’, the number of services that might be disrupted by malware becomes greater.

Criminals following the money

With data being the most valuable asset, ransomware is set to remain in great demand among cybercriminals. It is important to note that many ransomware attacks are not sophisticated enough or never intended to recover the victim’s data once the ransom has been paid. For these reasons we suggest not only backing up of data online and offline but also implementing proper security measures such as proactively training staff on what phishing emails entail and how to avoid clicking on them and entering any credentials.

Critical infrastructure attacks on the rise

Cyber attacks on the Ukrainian power companies resulted in electricity service being turned off in hundreds of thousands of homes. The implications of this for future attacks of this kind include more than just the power grid but also includes critical manufacturing and food production, water and transport and the defence and healthcare sectors.

Safer for all

This year has seen ESET’s malware analysts continue to help law enforcement crack down on malicious campaigns and, by extension, the criminals spewing them. We are confident that 2018 will bring further successful investigations as we will continue to lend a hand to authorities so that, ultimately, the internet can become a safer place for everyone – except cybercriminals.

Download the full Security Trends 2018 report here

ESET and Google combine to improve Chrome 0 1910

ESET Chrome Cleanup

ESET combines with Google to improve the security of the Google Chrome browser

Google and ESET have combined Chrome’s sandbox technology with ESET’s detection engine to create the Chrome Cleanup tool included in the latest version of Google Chrome. The new version of tool has been developed with the vision of allowing internet users to browse the web safely and without interruption.

“Under the hood, we upgraded the technology we use in Chrome Cleanup to detect and remove unwanted software. We worked with IT security company ESET to combine their detection engine with Chrome’s sandbox technology. We can now detect and remove more unwanted software than ever before, meaning more people can benefit from Chrome Cleanup.” – Philippe Rivard, Product Manager, Chrome Cleanup.

Chrome Cleanup is now able to detect unwanted software such as pop-up ads, unwanted extensions, toolbars and browser redirecting software, and single it out for removal thereby allowing internet users to enjoy safer technology.

Chrome Cleanup runs in the background while users are browsing on Chrome and alerts users to potential threats. It then gives users the option to quickly remove this harmful or unwanted software and restore Chrome to its default settings.

“Using the internet should always be a smooth and safe experience for everyone,” said Juraj Malcho, Chief Technology Officer at ESET. ““For three decades, ESET has developed a number of security solutions that allow users to safely enjoy their technology and to mitigate a variety of cyber threats. Chrome Cleanup addresses unwanted software that can negatively influence a users’ experience on the internet.”

Cyber security attacks have become more frequent, more advanced and more difficult to identify. Take the worry out of your browsing experience and download the ESET protected Chrome Cleanup tool here.