WannaCry: China’s pain; but who did it?

The WannaCry ransomware, released by as yet unidentified attackers on Friday, 12 May 2017, hit organizations all over the world and is a reminder that malicious software demands constant vigilance. For sure, there are still a few bad guys all over the place. WannaCry infected more than 200,000 computers in as many as 150 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, Japan and South Korea. In Africa, the countries affected include South Africa, Nigeria, Angola, Egypt, Mozambique, Tanzania, Niger, Morocco and Tunisia, according to reports credited to Kaspersky. The ransom note could be displayed in as many as 27 different languages.

The malware gets into your computer and encrypts your documents: photos, videos, databases and other files. The key needed to decrypt them is held only by the attackers, so you cannot decrypt the files to regain access no matter how computer savvy you may be. The ransom note then demands $300, giving you 3 days to pay before the charge doubles; after 7 days the option to pay is removed and you lose your files. The note also promises special consideration for victims the attackers deem too poor to pay within 6 months.

You pay in bitcoins – yes, bitcoins. Incredible to recollect that the last two articles in this column in Daily Trust a week before the virus attack were on bitcoin! (Many readers had written me about the bitcoin articles, requesting instructions on how to start accepting and paying in bitcoins. I just hope they didn’t have to use the knowledge in settling WannaCry!)

Note that paying the ransom does not in any way guarantee that you will get your files back; it does guarantee that the attackers will take your money and, in some cases, your banking information. Moreover, decrypting the files does not mean the malware infection itself has been removed.

To be sure, this is not the first occurrence of ransomware. One in 2015, dubbed LowLevel04, encrypted data using AES encryption and then demanded 4 bitcoins (about $1,000 at the time) to return the files. In 2016, the CRYSIS ransomware family was distributed worldwide by brute-force attacks against Microsoft Remote Desktop Protocol (RDP).

Windows RDP allows you to log in to a computer remotely. It is not a flaw in RDP itself that lets the attackers in: a brute-force attack simply guesses weak or reused passwords on an RDP service exposed to the Internet, which is how CRYSIS got onto its victims. WannaCry is a different case. It spread on its own by exploiting a flaw in the old Windows file-sharing protocol, SMBv1, which Microsoft had already fixed in security update MS17-010 on March 14, 2017, two months before the outbreak; machines that had not installed that update were exposed. Additionally, Microsoft released patches for the Windows XP, Windows 8 and Windows Server 2003 operating systems on May 13, 2017, an unusual step for products no longer under normal support. According to open sources, one possible vehicle for the initial infection was phishing e-mails.
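The RDP brute-force pattern described above is easy to spot in the Windows Security log if anyone is looking: a burst of failed logons (event 4625) with logon type 10 (RemoteInteractive) from one source address, sometimes followed by a success (event 4624) from the same address once a password is guessed. The detector below is an added example written for this column, not code from the column or from any product; the log lines are constructed and their one-record-per-line "key=value" layout is an assumption for readability, not a real export format.

```python
"""Flag RDP password guessing from (constructed) Windows Security log records.

Added example: a sliding-window detector over failed RDP logons.  Event 4625
is a failed logon, event 4624 a successful one; LogonType 10 means the
logon came in over RDP.  Many failures from one source within a short
window is the CRYSIS-style brute-force pattern; a success from a source
that was already flagged is the moment the attacker got a foothold.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; the layout is an assumption made for this example.
SAMPLE_LOG = """\
2016-09-01T02:00:01 EventID=4625 LogonType=10 User=administrator Source=203.0.113.7
2016-09-01T02:00:02 EventID=4625 LogonType=10 User=admin Source=203.0.113.7
2016-09-01T02:00:03 EventID=4625 LogonType=10 User=backup Source=203.0.113.7
2016-09-01T02:00:04 EventID=4625 LogonType=10 User=sql Source=203.0.113.7
2016-09-01T02:00:05 EventID=4625 LogonType=10 User=scan Source=203.0.113.7
2016-09-01T02:00:06 EventID=4624 LogonType=10 User=backup Source=203.0.113.7
2016-09-01T02:10:00 EventID=4625 LogonType=10 User=jdoe Source=192.0.2.10
2016-09-01T02:30:00 EventID=4625 LogonType=2 User=jdoe Source=127.0.0.1
"""


def parse_line(line: str) -> dict:
    """Turn one 'timestamp key=value ...' record into a dict with a datetime."""
    ts_str, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts_str)}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def detect_rdp_bruteforce(log_text: str, threshold: int = 5,
                          window: timedelta = timedelta(seconds=60)) -> dict:
    """Return {source_ip: alert} for sources with >= threshold failed RDP
    logons inside `window`; alert['succeeded_as'] records a later successful
    RDP logon from that source, i.e. a probable compromise."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda r: r["ts"])
    failures = defaultdict(list)   # source -> timestamps of recent RDP failures
    alerts = {}
    for ev in events:
        if ev.get("LogonType") != "10":   # only RDP (RemoteInteractive) logons
            continue
        src = ev["Source"]
        if ev["EventID"] == "4625":
            recent = failures[src]
            recent.append(ev["ts"])
            # forget failures that fell out of the sliding window
            while recent and ev["ts"] - recent[0] > window:
                recent.pop(0)
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"first_seen": recent[0],
                               "failures": len(recent),
                               "succeeded_as": None}
        elif ev["EventID"] == "4624" and src in alerts:
            alerts[src]["succeeded_as"] = ev["User"]
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(src, alert)
```

On the sample above the detector flags 203.0.113.7 after its fifth failure in five seconds and then records that the same address logged in successfully as "backup"; the single failure from 192.0.2.10 and the local console failure (logon type 2) are ignored. In practice the same logic runs over exported event logs or a SIEM feed, and the right response to a hit is to check whether the account that succeeded is legitimate and to stop exposing RDP directly to the Internet.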

WannaCry targets home and business users alike. Consequences may include temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential damage to an organization’s reputation.

Precautionary measures to mitigate ransomware threats include keeping Windows and other software patched (for WannaCry specifically, installing MS17-010 and turning off the old SMBv1 file-sharing protocol where it is not needed), keeping your anti-virus software up to date, implementing a data back-up and recovery plan that keeps copies of sensitive or proprietary data in a separate and secure location that an infected machine cannot reach and overwrite, not leaving RDP open to the Internet behind weak passwords, scrutinizing links contained in e-mails, not opening attachments included in unsolicited e-mails, and only downloading software from sites you know and trust.
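The back-up and recovery advice only works if you can tell which files the ransomware replaced and can prove the backup copy was not touched as well (a backup drive that stays mounted on the infected machine gets encrypted with everything else). The script below is an added example, not code from the column: it records a SHA-256 manifest of a protected folder, later reports which files are modified or missing, and restores only those files whose backup copy still matches the manifest. All paths and file contents are constructed in a temporary directory; the "backup" folder stands in for a separate, offline location.

```python
"""Backup manifest, damage report and selective restore (added example).

Ransomware replaces a file's bytes with ciphertext, and often renames it,
so a hash manifest taken beforehand tells you exactly which files are
gone.  Restoring from the backup is safe only if the backup copy still
hashes to the manifest value; a backup the malware could write to is no
backup at all.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative POSIX path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict) -> dict:
    """Return {relpath: 'ok' | 'modified' | 'missing'} for every manifest entry."""
    report = {}
    for rel, digest in manifest.items():
        p = root / rel
        if not p.exists():
            report[rel] = "missing"
        elif sha256_file(p) != digest:
            report[rel] = "modified"
        else:
            report[rel] = "ok"
    return report


def restore(live: Path, backup: Path, manifest: dict, report: dict) -> list:
    """Copy damaged files back from backup, but only when the backup copy
    itself still matches the manifest (i.e. was not encrypted too)."""
    restored = []
    for rel, status in report.items():
        if status == "ok":
            continue
        src = backup / rel
        if src.exists() and sha256_file(src) == manifest[rel]:
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, live / rel)
            restored.append(rel)
    return restored


def demo() -> dict:
    """Constructed scenario: take a backup and manifest, simulate the
    ransomware overwriting/renaming files, then verify and restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        backup = Path(tmp) / "backup"       # stands in for an offline copy
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "thesis.txt").write_text("final chapter")
        (live / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed bytes")
        shutil.copytree(live, backup)
        manifest = build_manifest(live)

        # Simulated ransomware: ciphertext under a new name, original removed,
        # and another file overwritten in place.  (Constructed bytes, no crypto.)
        (live / "docs" / "thesis.txt.locked").write_bytes(b"\x93\x01ciphertext")
        (live / "docs" / "thesis.txt").unlink()
        (live / "photo.jpg").write_bytes(b"\x7a\x11ciphertext")

        before = verify(live, manifest)
        restored = restore(live, backup, manifest, before)
        after = verify(live, manifest)
        return {"before": before, "restored": restored, "after": after}


if __name__ == "__main__":
    print(demo())
```

The report before restoration lists thesis.txt as missing and photo.jpg as modified; after restoring from the untouched backup every manifest entry verifies again. Keep the manifest with the backup, not on the live machine, or the ransomware can encrypt the list you need to check against.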

China suffered a disproportionate amount of damage from WannaCry. According to Paul Mozur in the 15 May 2017 issue of the New York Times, “Police stations and local security offices reported problems on social media, while university students reported being locked out of final thesis papers. Electronic payment systems at gas stations run by the state oil giant PetroChina were cut off for much of the weekend. Over all, according to the official state television broadcaster, about 40,000 institutions were hit. Separately, the Chinese security company Qihoo 360 reported that computers at more than 29,000 organizations had been infected.”

Why was China hard hit, apparently more than other countries? The answer can be found in the large number of Internet users and the reported widespread cases of software piracy in the country. According to Mozur, “Researchers believe large numbers of computers running unlicensed versions of Windows probably contributed to the reach of the so-called ransomware attack, according to the Finnish cybersecurity company F-Secure. Because pirated software usually is not registered with the developer, users often miss major security patches that could ward off assaults.”

As to the source of the attack, or who to blame for it, the answer depends on who you ask. The Western world appears to think the hackers are North Koreans, even if they are not physically resident in the country. On the other hand, many Chinese resist blaming North Korea, opting instead to attribute the source of the virus to the United States.

Whoever is responsible for WannaCry, it suffices to say you’ve got to be proactive in matters of computer security.
