BERLIN - Computer experts are warning of a further wave of ransomware attacks when people turn on their computers on Monday morning.
Here’s what you ought to know:
Q: What happened?
A: Tens of thousands of computers in homes, businesses and government agencies were infiltrated by malicious software that encrypted and blocked access to content until users paid between 300 and 600 dollars in the digital currency bitcoin. Around 150 countries are thought to have been affected. Its advance was later halted when a British researcher discovered a so-called kill switch.
Q: What accounts for its scale?
A: Hackers exploited vulnerabilities in the most widely used operating system in the world: Microsoft Windows. The software giant issued a fix in March to correct the security flaw, but computers that did not run the update were susceptible to infection. The highest-profile organization to fall victim to the cybercrime was Britain’s National Health Service, which uses the 15-year-old Windows XP operating system on its computers. Windows XP is so old that Microsoft was no longer offering free software updates for it. The company announced Saturday that it was reversing that policy.
Q: How does the malware enter a computer?
A: The cyberweapon involved in the attack is malware known as Wanna Decryptor or WannaCry. It infiltrates computers by way of links and attachments in spam emails. Security experts say unknown hackers took advantage of tools stolen from the US National Security Agency (NSA). Portions of the spy agency’s sophisticated cyberarsenal have been leaked online in recent months.
Q: Could this kind of attack be repeated?
A: Yes. Any computer that doesn’t have up-to-date software is at risk. Even then, modern software is so complex that new vulnerabilities are always being discovered. Some are fixed by their developers before they’re found but others are reached first by intelligence agencies or criminal hackers, as in this case.
Q: So if the NSA had informed Microsoft about the vulnerability rather than stockpiling it, the attack might not have happened?
A: Possibly not. That’s why IT experts warn that vulnerabilities represent a danger for everyone. In the United States there’s a committee that decides whether vulnerabilities should be patched or exploited. Usually the software developers are informed.
Q: How secure is critical infrastructure?
A: The Stuxnet worm that was used to destroy Iran’s nuclear programme a decade ago has already demonstrated how industrial computer systems can be manipulated. Companies are aware of this, and a lot of money is spent on securing critical infrastructure such as transport and telecommunications. That’s why only relatively unimportant systems at Spanish telecom giant Telefonica and Germany’s rail operator Deutsche Bahn were affected in Friday’s attack. According to experts, there has only been one known successful cyber attack on an electricity grid, and that was in Ukraine in 2015.
Q: What can consumers do to protect themselves?
A: Keeping your software up to date is the absolute minimum, according to Ruediger Trost of the IT security firm F-Secure. Firewalls should also be used to monitor data traffic, even within a network, to prevent one computer from infecting others. And be careful when clicking on links in emails. Finally, be prepared and always keep a back-up. “You might be missing last weekend’s photos then but you won’t have lost everything,” says Candid Wueest from security firm Symantec.
Q: What should you do if your computer is infected with ransomware?
A: Wueest and other authorities advise against paying the ransom because it only feeds the hackers’ criminal enterprise. And even if you do pay, it’s not guaranteed you’ll get your data back. – dpa