TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentral TechCentral
    NEWSLETTER
    • News

      E.tv: ‘We know we must vacate broadband spectrum bands’

      29 June 2022

      E-commerce is killing shopping malls – but, curiously, not in South Africa

      29 June 2022

      Eskom warns recovery from strike chaos could take weeks

      29 June 2022

      Eskom offers workers 7% increase: sources

      29 June 2022

      Eskom employees returning to work

      29 June 2022
    • World

      Napster plots crypto comeback

      29 June 2022

      Pictures: Chinese spacecraft acquires images of entire planet of Mars

      29 June 2022

      Arm aims for leg-up in smartphone games with new chip tech

      29 June 2022

      Warnings of a final bitcoin ‘washout’

      29 June 2022

      Sony launches into PC gaming hardware

      29 June 2022
    • In-depth

      The great crypto crash: the fallout, and what happens next

      22 June 2022

      Goodbye, Internet Explorer – you really won’t be missed

      19 June 2022

      Oracle’s database dominance threatened by rise of cloud-first rivals

      13 June 2022

      Everything Apple announced at WWDC – in less than 500 words

      7 June 2022

      Sheryl Sandberg’s ad empire leaves a complicated legacy

      2 June 2022
    • Podcasts

      How your organisation can triage its information security risk

      22 June 2022

      Everything PC S01E06 – ‘Apple Silicon’

      15 June 2022

      The youth might just save us

      15 June 2022

      Everything PC S01E05 – ‘Nvidia: The Green Goblin’

      8 June 2022

      Everything PC S01E04 – ‘The story of Intel – part 2’

      1 June 2022
    • Opinion

      Has South Africa’s advertising industry lost its way?

      21 June 2022

      Rob Lith: What Icasa’s spectrum auction means for SA companies

      13 June 2022

      A proposed solution to crypto’s stablecoin problem

      19 May 2022

      From spectrum to roads, why fixing SA’s problems is an uphill battle

      19 April 2022

      How AI is being deployed in the fight against cybercriminals

      8 April 2022
    • Company Hubs
      • 1-grid
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»Top»Ransom hackers dealt setback; may return

    Ransom hackers dealt setback; may return

    Top By Agency Staff13 May 2017
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    The cyberattack that spread rapidly around the globe was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to return as many computers remain at risk.

    Hackers can still gain easy access to PCs that lack a security update issued in March by Microsoft to fix the vulnerability in its Windows operating system. The company had labeled the patch as “critical”.

    The malware, using a technique purportedly stolen from the US National Security Agency, stopped care in hospitals across the UK, affected Russia’s ministry of interior and infected company computer systems in countries from Eastern Europe to the US and Asia.

    While most organisations won’t suffer as much as the UK healthcare facilities, the incident renewed the debate about the risk of governments stockpiling flaws in commercial technology and using them for hacking attacks.

    In the UK, 16 organisations in the National Health Service were infected, and hospitals in London, north-west England and central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.

    Healthcare organisations are notoriously slow to apply security fixes, in part because of the disruption caused by taking critical systems offline. That has made them a reliable victim of ransomware attacks, such as that on Friday in which hackers encrypted data on infected computers and demanded US$300 in bitcoin to unlock it. Many security professionals and even some in law enforcement recommend paying the ransom in such cases as the fastest way to get the data back.

    Last year, an acute-care hospital in Hollywood paid $17 000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.

    Hospitals are also fertile ground for identity thieves because of their often-lax security policies. Bloomberg Businessweek wrote in 2015 about a spate of malware infections at hospitals where radiology machines, blood-gas analysers and other devices were compromised and used to siphon off the personal data of patients.

    Other victims were most likely small and medium-sized businesses. Some larger organisations, such as Spain’s Telefonica and FedEx, were also infected.

    A spokesman for Telefonica said the hack affected some employees at its headquarters, but the Spanish phone company is attacked frequently and the impact of Friday’s incident wasn’t major.

    FedEx said it was “experiencing interference”, the Associated Press reported. French car maker Renault halted production at some factories to stop the virus from spreading, a spokesman said.

    While any sized company could be vulnerable, many large organisations with robust security departments would have prioritised the update that Microsoft released in March and wouldn’t be vulnerable to Friday’s attack.

    Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it. Some security expects calculate that ransomware may bring in as much as $1bn/year in revenue for the attackers.

    Global victims

    More than 75 000 computers in 99 countries were compromised in Friday’s attack, with a heavy concentration of infections in Russia and Ukraine, according to Dutch security company Avast Software.

    Russia’s interior ministry, with oversees the country’s police forces, said “around a thousand computers were infected”, which it described as less than 1% of the total, The New York Times reported. The ministry said technicians had stopped the attack and were updating the department’s “antivirus defence systems”, according to the Times.

    Microsoft cited its March security update and said it had added detection and protection against the new malware after it was reported. “We are working with customers to provide additional assistance,” the company said in a blog posting.

    The attack was apparently halted in the afternoon in the UK when a researcher took control of an Internet domain that acted as a kill switch for the worm’s propagation, according to Ars Technica.

    “I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” wrote the researcher, who uses the Twitter name @MalwareTechBlog. “So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.”

    There is a high probability that Russian-language cybercriminals were behind the attack, said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs.

    “Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.”  — (c) 2017 Bloomberg LP

    • Reported with assistance from Stepan Kravchenko
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticleExtortionists mount global cyberattack
    Next Article Qualcomm’s antitrust woes mount

    Related Posts

    Napster plots crypto comeback

    29 June 2022

    Pictures: Chinese spacecraft acquires images of entire planet of Mars

    29 June 2022

    Arm aims for leg-up in smartphone games with new chip tech

    29 June 2022
    Add A Comment

    Comments are closed.

    Promoted

    Think herding cats is tricky? Try herding a cloud

    29 June 2022

    How your business can help hybrid workers effectively

    28 June 2022

    Hands off our satellite spectrum!

    27 June 2022
    Opinion

    Has South Africa’s advertising industry lost its way?

    21 June 2022

    Rob Lith: What Icasa’s spectrum auction means for SA companies

    13 June 2022

    A proposed solution to crypto’s stablecoin problem

    19 May 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.